Ransomware gang REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack deployed on their systems.

According to El Español, the authorship of the cyberattack belongs to the well-known ransomware group after they published a post on the official darknet website of REvil on July 22, who boasted of adding another victim.

The cybercriminals claimed to have caught over 800 GB in data from the servers of ADIF, although it’s not confirmed how they managed to breach the security of the railway infrastructure manager based in Madrid.

REvil didn’t disclose major information on which kind of data they stole, but a screenshot published by the gang in the blog post shows some files that could contain personal data, letters, contracts, and account information of ADIF.

The vulnerability could have not been patched yet

The report states that the ransomware gang claimed to have the capabilities to keep downloading data from ADIF’s IT systems, suggesting that the attack is still underway due to a vulnerability that hasn’t been patched so far if they don’t pay for the requested ransom, which is unknown as of press time.

However, the Spanish state-owned company issued a comment on the attack:

"At no time has the infrastructure been affected, always guaranteeing the proper functioning of all our services. Adif, aware of being the manager of a critical infrastructure such as the exploitation of the railway network, considers cybersecurity as one of the pillars of comprehensive security.”

Recently, REvil launched another series of attacks targeting three companies in the U.S. and Canada. They have leaked data from two of the companies and threatened to disclose sensitive data from the third.

Also, Cointelegraph reported on June 12 that the gang leaked sensitive documents stolen from a US-based robotics company. According to an official blog post from REvil on June 11, the team has started leaking confidential data belonging to Symbotic LLC.