Ransomware Attack Exposes 1.5TB of Stolen Aerospace Data

Published at: June 7, 2020

ST Engineering Aerospace’s US subsidiary suffered a ransomware attack that managed to extract about 1.5TB of sensitive data from the firm and its partners.

According to an article published by The Straits Times on June 6, which cites an analysis by cybersecurity firm Cyfirma, the Singapore-based company was allegedly attacked by the well-known ransomware gang Maze in March.

The report says the data stolen by the criminals relates to contract details with various governments, organizations, and airlines across the globe. No additional details were provided on its content.

Undetectable by common antivirus software

Cointelegraph had access to an internal memo issued on March 3 by ST Engineering Aerospace, identifying VT San Antonio Aerospace as the site of a “ransomware infection.”

The memo detailed that McAfee and Windows Defender did not initially identify the ransomware attack. The problem was instead detected by reading the renamed files and the associated “DECRYPT-FILES.txt” located in the same folder as the encrypted files.
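As an added example (not taken from the memo or from ST Engineering), the Python code below sweeps a directory tree for the “DECRYPT-FILES.txt” file and lists sibling files in the same folder that were modified around the same time and whose content is near-random. The one-hour window, the entropy threshold and the sample file names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

NOTE_NAME = "DECRYPT-FILES.txt"  # note file name quoted in the memo
WINDOW_SECONDS = 3600            # assumption: siblings changed within 1 h of the note
ENTROPY_THRESHOLD = 7.5          # assumption: bits/byte; encrypted data is close to 8

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str) -> dict:
    """Map each folder holding the note to siblings that look encrypted."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = [f for f in files if f.lower() == NOTE_NAME.lower()]
        if not notes:
            continue
        note_mtime = os.path.getmtime(os.path.join(dirpath, notes[0]))
        suspects = []
        for name in sorted(set(files) - set(notes)):
            path = os.path.join(dirpath, name)
            try:
                recent = abs(os.path.getmtime(path) - note_mtime) <= WINDOW_SECONDS
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # locked or unreadable: skip it, keep sweeping
            # High entropy alone also matches archives and media; pair it with timing.
            if recent and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                suspects.append(name)
        findings[dirpath] = suspects
    return findings

def build_sample(root: str) -> str:
    """Constructed test tree: a note, one random-byte file, one plain-text file."""
    hit = os.path.join(root, "contracts")
    os.makedirs(hit)
    for name, data in ((NOTE_NAME, b"constructed placeholder\n"),
                       ("bid.xlsx.q7Rt", os.urandom(8192)),
                       ("readme.txt", b"plain text, untouched\n" * 50)):
        with open(os.path.join(hit, name), "wb") as fh:
            fh.write(data)
    return hit
```

Calling `triage()` on a file share root returns one entry per affected folder, which gives responders a scope list even when the antivirus product raised no alert.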

Ed Onwe, vice-president and general manager at VT San Antonio Aerospace, said the following to The Straits Times:

“Our ongoing investigation indicates that the threat has been contained, and we believe it to be isolated to a limited number of ST Engineering’s US commercial operations. Currently, our business continues to be operational.”

Cyfirma also stated that some of the stolen data contained information on contracts with the governments of countries like Peru and Argentina, and with agencies such as NASA.

Companies need to rebuild their networks 

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, commented the following after the attack on the Singapore-based company:

“Ransomware groups often leave backdoors which, if not remediated, can provide continued access to a network and enable a second attack. This is one of the reasons we always recommend that companies rebuild their networks after an incident as opposed to simply decrypting their data.”

Cointelegraph reported on June 6 on a ransomware attack by DoppelPaymer, which managed to breach the network of the Maryland-based Digital Management Inc, or DMI, a company that provides IT and cyber-security services to several Fortune 100 companies and government agencies like NASA.

Another ransomware gang, NetWalker, claimed to have stolen sensitive data, including student names, social security numbers, and financial information from three US universities.
