ST Engineering Aerospace’s US subsidiary suffered a ransomware attack that extracted approximately 1.5 TB of confidential data from the company and its partners.
According to an article by The Straits Times on June 6, the Singapore-based company was allegedly attacked in March by the well-known ransomware group Maze, citing an analysis by cyber security company Cyfirma.
The report states that the data stolen by the criminals relates to details of contracts with various governments, organizations and airlines around the world. No additional details about its content were given.
Not detected by common antivirus software
Cointelegraph had access to an internal note issued by ST Engineering Aerospace on March 3 about a “ransomware infection” at VT San Antonio Aerospace.
The note detailed that McAfee and Windows Defender did not initially identify the ransomware attack. The problem was identified by reading the renamed and related files; a “DECRYPT-FILES.txt” file is in the same folder as the encrypted files.
Ed Onwe, vice president and general manager of VT San Antonio Aerospace, said the following to The Straits Times:
“Our ongoing investigation has shown that the threat has been contained and we believe that it is isolated in only a limited number of ST Engineering’s businesses in the United States. Our company continues to operate today.”
Cyfirma also affirmed that the stolen data included information about contracts with governments from countries like Peru and Argentina, as well as agencies like NASA.
Companies have to rebuild their networks
Speaking to Cointelegraph after the attack on the Singapore-based company, Brett Callow, threat analyst at the Emsisoft malware laboratory, said the following:
“Ransomware groups often leave back doors that, if not fixed, give continuous access to a network and allow a second attack. This is one reason why we always recommend companies to rebuild their networks after an incident rather than just decrypt their data.”
Cointelegraph reported on June 6 on an attack by a ransomware group called DoppelPaymer, which managed to breach the network of Maryland-based Digital Management Inc, or DMI, a company that provides IT and cyber security services to multiple companies among the world’s 100 richest and to government agencies such as NASA.
Another ransomware group, NetWalker, claimed to have stolen confidential data, including student names, social security numbers, and financial information, from three universities in the United States.