Swiss rail vehicle construction firm Stadler disclosed last week that its IT network has been hit with malware attack and that cyber crooks are trying to extort money from the company.
In a press release [pdf], the company stated that an unknown group of hackers compromised its computer network and deployed malware in some machines in efforts to exfiltrate data from them.
"Stadler internal surveillance services found out that the company's IT network has been attacked by malware which has most likely led to a data leak," the company revealed.
"The scale of this leak has to be further analysed."
The company believes it to be a professional attack as hackers are demanding a large amount of money and also threatening to publish sensitive data to harm Stadler and its employees.
Following the discovery of the malware, the firm has taken various measures to contain the attack. It called in a team of external cyber security experts and also informed the responsible authorities.
According to Stadler, its backup data is comprehensive, and it is working to reboot all affected systems.
While the firm did not disclose the number of systems and locations affected, the local media reports said that the cyber attack has affected the entire IT system of the company.
Stadler is headquartered in Bussnang in Eastern Switzerland and has over 40 service locations globally. The company specialises in manufacturing high-speed trains, commuter heavy rail trains, underground trains, intercity trains, tram trains, shunting locomotives, main-line locomotives and passenger carriages.
In Switzerland, the firm has locations in Biel, St.Margrethen, Altenrhein, Erlen, Wallisellen, and Winterthur.
Stadler said its services and the production of new rail vehicle trains have continued despite the cyber attack and the on-going Coronavirus crisis.
Cyber security agencies are currently advising organisations to strengthen their security measures as a large number of APT and other hacking groups are currently trying to target organisation involved in providing critical services in their countries amid COVID-19 pandemic.
Interpol also issued a 'purple notice' last month to alert police forces around the world of an increasing number of ransomware attacks targeting healthcare sector during coronavirus crisis.
The US Health and Human Services (HHS) Department said in March that it had been hit by a cyber attack that seemed to be focused on hurting its ability to respond to coronavirus crisis.
Also in March, hackers tried to infiltrate the networks of the World Health Organization (WHO) in attempt to steal sensitive information from the global health agency.
Maze ransomware group published several screenshots on their website, showing directory listings from the company's systems
A favicon is the logo image of a website shown in browser tabs
Main customer accounts were not impacted, according to the company
Cyber attack in February rendered Council's website and many payment systems completely inoperable
The campaign has been linked to Vietnam-state-backed threat group APT32