The attackers have apparently hit the organisation twice before, and threatened a third attack as soon as the data was published.
"We advise you to get in touch immediately. We have personal information including correspondence, contracts and other accounting (total 800 gigabytes of data)," they said in a note posted online.
"If you do not comply with our terms, your data will be published in the public domain. We will continue to download your data until you contact us," they added in surprisingly good English.
The site said Adif played a leading role in promoting the railway sector, working towards converting it into the ideal mode of transport and facilitating access to the infrastructure under fair conditions.
A screenshot of some of the Adif data posted online by the gang who attacked the company's website.
Adif's job is to to promote the Spanish railway system by developing and managing a safe, efficient and sustainable infrastructure to the highest quality standards in environmental terms.
The company is in charge of looking after rail infrastructure (tracks, stations, freight terminals, etc), managing rail traffic, distributing capacity to rail operators and the collection of fees for infrastructure, station and freight terminal use.
The company has no email contact for media and hence iTWire has sent a request for comment to the three email addresses that are available on the site.
The people behind REvil, which is also known as Sodinokibi, make a ransom demand and then wait to hear from the victim. If the ransom is not paid, then some of the data that has been pilfered during the attack is published.
If a REvil victim is not persuaded by this, then more data is made public. REvil also posts data on underground forums for other miscreants to pick up and use for their own nefarious purposes.
The ransomware is able to exploit a 2018 Windows vulnerability to elevate privileges, a flaw that Microsoft rates as important.