NewsOnline Security

Wabtec’s Erie Plant Hit with Ransomware… Allegedly!

In the world of cybersecurity, no company, regardless of its profession, is safe from ransomware attacks. Threat actors have elevated their techniques to ensure higher success rates… And it’s definitely working. The attacks vary from energy suppliers such as EPM to the latest victim – Rail giant Wabtec Erie Plant.

The company didn’t fully disclose the ransomware invasion but does suspect that such a practice might be in place. One of the reasons for this suspicion comes from the employees’ inability to log onto the network and do their jobs.

Wabtec claims that the incident impacted personal information within its systems across the US, Canada, the UK, and Brazil. How big is the breach? Is it really a ransomware attack? Let’s discuss everything below.

Wabtec Ransomware – A Huge Possibility

As we mentioned, ransomware attacks are on the rise, targeting big companies and facilities all over the world. When it comes to the groups behind these practices, we definitely have some big names, such as LockBit.

However, the recent Wabtec ransomware infiltration doesn’t have a name signed on it. In other words, the company still doesn’t know who’s behind the attack.

The entire predicament started with a total system blackout. Wabtec stopped some employees at the plant gate, informing them not to log on to their computers. 

Those working remotely, however, were unable to connect their laptops to the company network. The rail giant Wabtec told Erie News Now about the incident, but nothing official is out in the open yet.

We did mention the infamous group LockBit at the beginning of this section. Well, you guessed it – These threat actors published samples of data stolen from Wabtec online.

After that, they eventually leaked all the stolen data, which only meant one thing – the ransom was not paid.

The investigations ended back in November, confirming that LockBit was indeed behind this whole incident. The malicious group stole files containing sensitive personal information, including:

  • Full Name,
  • Date of Birth,
  • Non-US National ID Number,
  • Non-US Social Insurance Number or Fiscal Code,
  • Passport Number,
  • IP Address,
  • Employer Identification Number (EIN),
  • USCIS or Alien Registration Number,
  • NHS (National Health Service) Number (UK),
  • Medical Record/Health Insurance Information,
  • Photograph, Gender/Gender Identity,
  • Salary, Social Security Number (US),
  • Financial Account Information,
  • Payment Card Information,
  • Account Username and Password,
  • Biometric Information,
  • Race/Ethnicity,
  • Criminal Conviction or Offense,
  • Sexual Orientation/Life,
  • Religious Beliefs,
  • Union Affiliation

Wabtec stated that there hadn’t been any reported incidents in which the data was misused or utilized in further malicious practices. Here’s what the company had to say:

“While there is no indication that any specific information was or will be misused, considering the nature of the incident and of the affected personal data, we cannot rule out that there may be attempts to carry out fraudulent activity.”

However, everyone should stay put and be well aware of what’s going on. That means they should monitor their financial account statements and remain vigilant when approached by anyone to avoid identity theft and fraud.

LockBit Strikes Again – Stolen Data Out in the Open

On December 22nd, 2022, Wabtec started sending warnings of the breach, and that affected individuals should take proper precautions.

Ransomware is on the rise, and it doesn’t seem to be stopping anytime soon. Big companies are falling victim to such attacks, which means that anyone can be a target. Take the necessary measurements and stay safe.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button