Ransomware attack exposes 1.5 TB of stolen aerospace data

 

ST Engineering Aerospace’s US subsidiary suffered a ransomware attack in which approximately 1.5 TB of confidential data was extracted from the company and its partners.

According to an article published by The Straits Times on June 6, which cites an analysis by the cyber security firm Cyfirma, the Singapore-based company was allegedly attacked by the well-known ransomware group Maze in March.

The report says that the data stolen by the criminals is linked to details of contracts with various governments, organizations and airlines around the world. No further details were provided on its content.

Undetectable by common anti-virus software
Cointelegraph had access to an internal note issued on March 3rd by ST Engineering Aerospace, which details how VT San Antonio Aerospace was the site of a "ransomware infection".

The note stated that McAfee and Windows Defender did not initially identify the ransomware attack, but the problem was detected by reading the renamed files and the associated "DECRYPT-FILES.txt" files located in the same folder as the encrypted files.
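The indicator described in the note, a "DECRYPT-FILES.txt" file sitting beside encrypted files, can be swept for during triage. The following is an added example, not code from the article or from any of the companies named; the entropy threshold, sample sizes and the constructed sample tree are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "DECRYPT-FILES.txt"  # ransom-note file name quoted in the article
ENTROPY_MIN = 7.5                # assumed threshold, in bits per byte
SAMPLE_BYTES = 65536             # assumed: read at most this much of each file
MIN_SAMPLE = 1024                # assumed: shorter samples give unreliable entropy

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str) -> dict:
    """Map each folder holding the ransom note to its high-entropy sibling files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if not any(f.casefold() == NOTE_NAME.casefold() for f in files):
            continue
        suspects = []
        for name in sorted(f for f in files if f.casefold() != NOTE_NAME.casefold()):
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable or locked file: skip it, keep sweeping
            if len(sample) >= MIN_SAMPLE and shannon_entropy(sample) >= ENTROPY_MIN:
                suspects.append(name)
        findings[dirpath] = suspects
    return findings

def build_constructed_sample(root: str) -> None:  # constructed data, not real files
    hit, clean = Path(root, "hit"), Path(root, "clean")
    for d in (hit, clean):
        d.mkdir()
    (hit / NOTE_NAME).write_text("constructed placeholder note\n")
    (hit / "report.docx.x1y2").write_bytes(os.urandom(4096))  # stands in for ciphertext
    (hit / "readme.txt").write_text("plain text " * 200)
    (clean / "notes.txt").write_text("plain text " * 200)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(triage(tmp))
```

Compressed formats such as ZIP archives and JPEG images also score high on entropy, so the output is a list of folders and files to examine, not a verdict.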

Ed Onwe, vice president and general manager of VT San Antonio Aerospace, told The Straits Times the following:

"Our ongoing investigation indicates that the threat has been contained, and we believe that it is isolated to only a limited number of ST Engineering’s business operations in the United States."

Cyfirma also said that among the stolen data was information on contracts with the governments of countries such as Peru and Argentina, and with agencies such as NASA.

Companies need to rebuild their networks
Speaking to Cointelegraph, Brett Callow, a threat analyst at the Emsisoft malware lab, commented as follows after the attack on the Singapore-based company:

"Ransomware groups often leave backdoors that, if left unchecked, can provide continuous access to a network and allow a second attack, which is one reason why we always recommend that companies rebuild their networks after an incident rather than simply decrypting their data."

Cointelegraph reported on June 6 about an attack by the ransomware DoppelPaymer, which managed to breach the network of Digital Management Inc, or DMI, based in Maryland, a company that provides IT services and cyber security to several companies among the 100 richest in the world and to government agencies such as NASA.

NetWalker, another ransomware group, claimed to have stolen confidential data, including student names, social security numbers and financial information from three U.S. universities.
