Update as on 07/03/2020: The Netfilim ransomware operators published data leak part 3 (around 28 GB) of Stadler Rail.
This part of the data leak seems to consists company’s operating budgets, order billing documents, banking statements, and much more. Below is the snapshot of the directory listing of the sensitive files being leaked by the Netfilim ransomware operators.
It seems that Stadler Rail has not bowed down to the illegitimate conditions of the ransomware operators. There is a possibility of more data leaks of the company to be published soon.
Update as on 06/30/2020: Recently, our researchers noticed the Netfilim ransomware operators continue the data leak of Stadler Rail by posting part 2 of the leak series on their blog website.
Founded in the year 1942, Stadler has been building trains which are tailored to meet the needs of customers. With over 8500 employees, they have been generating annual revenue of around 3.2 billion Swiss francs.
The Netfilim ransomware operators have been releasing the data leaks of companies in parts, till the time the victim company does not comply with their terms. Based on it, this data leak notifies that once again Stadler Rail refused to accept the terms of the ransomware operators.
Below is the message posted by Netfilim ransomware operators-:
This part of the data leak seems to consists company’s operating budgets, order billing documents, banking documents, strategy plans, and much more. Below is the snapshot of the directory listing of the sensitive files being leaked by the Netfilim ransomware operators.
It seems that if the company has still not made a deal with the ransomware operators, and if it goes in the same way then more data leaks of the company might be coming soon.
The Cyble Research Team has identified the data leak of around 3GB. The data leak seems to consist a number of sensitive financial and legal documents of the company, such as land lease agreements, financial information of the company’s orders, details of employees’ pension funds, monthly order reports, and much more. Below is the snapshot of the directory listing of the sensitive files being leaked by the Netfilim ransomware operators.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.
Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.