Ransomware attack exposes 1.5TB of stolen aerospace data

ST Engineering Aerospace’s US subsidiary experienced a ransomware attack that extracted about 1.5TB of crucial data from the company and its partners.

According to The Straits Times, the Singaporian company was supposedly attacked by the reputable ransomware gang Maze in March, as per an analysis by cybersecurity firm, Cyfirma.

The report explained that the data stolen by criminals is linked to contract details with numerous governments, organizations, and airlines around the globe. No extra details were given on its content.

An internal memo issued on March 3 was issued by ST Engineering Aerospace, referring to the VT San Antonio Aerospace as the site of a “ransomware infection.” 

McAfee and Windows Defender initially failed to identify the ransomware attack. They detected the problem by studying the renamed files and associated “DECRYPT-FILES.txt” present in the same folder as encrypted files.

Ed Onwe, vice-president and general manager at VT San Antonio Aerospace, stated:

“Our ongoing investigation indicates that the threat has been contained, and we believe it to be isolated to a limited number of ST Engineering’s US commercial operations. Currently, our business continues to be operational.”

According to Cyfirma, some of the data stolen contained sensitive information on contracts with the government agencies of countries such as Peru and Argentina, and with agencies like NASA.

Another ransomware gang, NetWalker, also declared to have stolen sensitive data, including student names, social security numbers, and financial information from three US universities.