Maze Gang Steals Around 1.5TB Data From ST. Engineering Aerospace

The US subsidiary of ST Engineering Aerospace recently lost about 1.5TB of sensitive data from its own company and partners, by a ransomware attacker.

On June 06, The Straits Times quoted the Cyfirma investigation, a cybersecurity company, as saying that in March 2020, the Maze gang allegedly attacked ST Engineering Aerospace.

Contract Details Stolen

The report further explained that the criminals had stolen data that included details of company contracts with various organizations, governments and airlines around the world.

On March 03, ST Engineering Aerospace released an internal memo that included details of ransomware infections at VT San Antonio Aerospace.

According to the memo, initially, the attack was not carried out by McAfee nor by the defenders of the Widows. The company itself recognized the problem after learning that the file was renamed and the associated "DECRYPT-FILES.txt" was encrypted in the same folder.

Separate Aerospace Commercial Operations

The vice president at VT San Antonio Aerospace, ED Onwe, when discussing the issue of the ransomware attack, said that recently, they had investigated the problem and they found that the company had fallen victim to the ransomware attack. They have now decided to separate the US commercial operations from ST Engineering to a limited amount.

The vice president also announced that at present, their business is being operated in this country.

Cyfirma has confirmed that the attackers have stolen details of the company's contract with the Peruvian government and the Argentine government. They have even stolen data that contains information about contracts with NASA.

Recently, a threat analyst at Emisoft, Brett Callow, shared his views on this issue and has stated, "The Ransomware group often leaves a back room that, if not addressed, can provide continued access to the network and allow a second attack. This is one reason why we always recommend that companies rebuild their networks after an event and not just decrypt their data. "

Share To:


Post A Comment:

0 comments so far,add yours