News / Aviation equipment major ASCO suffers ransomware attack, shuts operations
Aviation equipment major ASCO suffers ransomware attack, shuts operations
13 June 2019 |
Belgian aircraft equipment manufacturer ASCO was forced to shut down operations in Belgium, Germany, Canada, and the US after a ransomware attack crippled IT systems at its manufacturing plant in Zaventem, Belgium.
ASCO is among the world's largest aircraft equipment manufacturers and supplies high-end aircraft equipment such as high lift devices, mechanical assemblies, and functional components to several global aviation giants such as Boeing, Airbus, Lockheed Martin, Bombardier Aerospace, and Embraer.
IT systems at the company's manufacturing plant in Zaventem, Belgium, which also serves as its headquarters, were reportedly targeted by a ransomware attack last Friday, forcing the company to shut down its factories located in Belgium, Germany, Canada, and the US in order to mitigate the impact of the infection.
ASCO employees sent on indefinite leave
ASCO, which was taken over by US firm Spirit AeroSystems last year, also sent around 1,000 of its 1,400 employees at the said factories home due to the prolonged shutdown and they have been asked not to report back to work until further notice. However, the company's non-production offices in France and Brazil are, at present, operational.
ASCO has not made any official statement about the ransomware attack so far, nor has it shared any details about the ransom demanded, whether the company intends to honour the demand, or whether the infection has led to loss of intellectual property secrets. However, the company told The Brussels Times that it has not detected any theft or loss of information so far.
"Ransomware continues to be a growing risk for many companies and once inside a network, unless there are controls in place to prevent the spread, it can take hold of the entire infrastructure rapidly," said Javvad Malik, security awareness advocate at KnowBe4.
"It's worth remembering that in most cases, the initial infection is through a phishing or spearphishing email, therefore it is important to train users and make them aware of the risks, so they can make better-informed decisions, and also escalate any potential issues where they may arise," he added.
"This is yet again a tragic example of when systems within a network fulfilling critical functions have been subject to a relatively open network environment allowing the attack to propagate and affect related systems. Hardening and defense in depth, as well as isolation of production environments, is critical to decreasing the impact of breaches," said Martin Jartelius, CSO at Outpost24.
"In this case the breach was a ransomware, but it could equally well have been a targeted attacker gaining persistent access to the environment. Given what this vendor produces, a ransomware while disastrous for them financially, it’s far better than having an attacker with a potential to affect the integrity of their fighter jets," he added.
Earlier this year, a similar ransomware attack struck Norsk Hydro, one of the largest aluminium companies worldwide, forcing the company to switch to manual operations and take urgent steps to contain and neutralise the cyber attack.
NorCERT (Norway's National Cyber Security Centre) later confirmed that Norsk Hydro had suffered a LockerGoga ransomware attack whcih was combined with an attack n Active Directory (AD).
"The attack has impacted operations in several of the company’s business areas globally. IT systems in most business areas are impacted and Hydro is switching to manual operations where possible. Hydro’s power plants are running normally on isolated IT systems," said Norsk Hydro.
Latest posts by Jay Jay (see all)
- Google kicks out 7 stalker apps that enjoyed 130,000 installations - 18th July 2019
- AMCA data breach affected 2.2m Clinical Pathology Laboratories patients - 18th July 2019
- Motor industry employee fined £25,500 for personal data theft that lasted years - 18th July 2019
- Phishing attack targeting financial organisations using SHTML file attachments - 17th July 2019
- Hackers accessed Sprint subscriber accounts via Samsung website - 17th July 2019