
Published on May 9th, 2020

Rail vehicle manufacturer Stadler hit by cyberattack, blackmailed



International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data.

Stadler manufactures a wide range of railway vehicles from high-speed trains to tramways and trams, and it is the world’s leading service provider in the rack-and-pinion rail vehicle industry. 

The Swiss-based company has a workforce of roughly 11,000 employees based in 7 production locations, 5 component manufacturing sites, and 40 service locations around the world.

Data leak threats

Stadler announced on Thursday evening that attackers managed to infiltrate its IT network and infect some of its machines with malware and, most probably, to collect and exfiltrate data from the compromised devices in the process.

"Stadler's internal monitoring services have established that the company's IT network was attacked with malware and that it is highly probable that an outflow of data of an as yet unknown extent has occurred," the company said.

After the attack was discovered and Stadler took measures to contain it, the threat actors behind this security incident also asked for a large ransom and are attempting to blackmail the company by threatening to leak stolen data.

"The unknown perpetrators are attempting to blackmail Stadler, demanding large sums of money, and to put pressure on Stadler with the possible publication of data in order to harm the company and thus also its employees." - Stadler

The rail vehicle manufacturer said that it took the steps needed to secure its computing systems immediately afterward and that it also hired a team of external security experts to help with the incident's investigation.





Stadler also stated that it has backups for the affected data and that it is working on restarting and, potentially, restoring the impacted systems.

While the company does not explicitly call it a ransomware attack, all the signs of one are there: attackers asking for a ransom under the threat of leaking sensitive data stolen before encrypting the systems, and the mention of data backups, which directly implies that its systems were encrypted (or wiped) during the attack.

The entire Stadler group impacted by the attack

Although the incident announcement doesn't disclose the number of locations and systems affected, Swiss media says that the entire Stadler group was impacted by this cyberattack, including locations in Switzerland and abroad.

Stadler also said in a statement that the company has filed a complaint with the Thurgau public prosecutor and that an investigation is ongoing. 

"Despite the corona pandemic and cyber attacks, the continuation of the production of new trains and Stadler's services is guaranteed," the train manufacturer emphasizes.

BleepingComputer has reached out to a Stadler spokesperson for additional details but had not heard back at the time of this publication. 
