Hackers have dumped online sensitive company data that was stolen during a ransomware attack in Nov. on aircraft manufacturer Embraer. This compromised data appeared on a new dark web site created to publish leaked information, states a published report.
The files were stolen from the Brazilian aircraft manufacturer in a ransomware attack last month.
Refusal
This move appears to be in ‘revenge’ for the Brazilian-based company’s refusal to pay a ransom after the attack, choosing instead to restore affected systems from backup, according to a report in ZDNet published early Mon. The files were made public on a recently-created dark web site managed by the Ransom Exx ransomware gang, also known as Defray 777, according to the report.
Embraer is the 3rd-largest producer of airliners behind Boeing & Airbus. The company acknowledged in a statement on Nov. 30 that a cyberattack that accessed “only a single environment of the company’s files” occurred on Nov. 25.
Procedures
“As a result of this occurrence, the Company immediately initiated its procedures of investigation & resolution of the event, as well as proceeding with the proactive isolation of some of its systems to protect the systems environment, thus causing temporary impact on some of its operations,” according to the statement.
Embraer did not explain what kind of attack the company suffered, or if data was stolen from the accessed environment. The hundreds of megabytes of data files found on the Ransom Exx site include folders relating to employee data, supply-chain subcontracts, & source code, 3D models & photos of Embraer aircraft, according to the report.
Leaked Data
Embraer is not the only company with leaked data appearing on the leak site, which reportedly launched over the weekend on Sat. Data stolen from other companies that were victims of the ransomware group also appeared on the site, according to ZDNet.
Ransomware gangs have been particularly active lately in numerous high-profile attacks on large companies. Ransom Exx / Defray is one of the smaller groups currently operating, though perhaps the launch of the leak site is an indication that they will boost their level of activity in the coming months.
Ransomware Groups
Other ransomware groups that also manage leak sites for the data stolen in ransomware attacks include Conti, Clop, Egregor & REvil, among others. Several of these groups have pulled off a number of significant attacks in the last few months, some of which resulted in data being leaked on their respective sites.
Last week Egregor hit both the Vancouver Metro system Translink & US retailer Kmart with ransomware attacks.
Major Attacks
Prior to that, the group also mounted major attacks in Oct. against bookseller Barnes & Noble & gaming companies Ubisoft & Crytek.
Clop & Conti also have been responsible for attacks in recent months. Last week Clop stole 2m credit card details after an attack on S. Korean retail group E-Land. Conti, meanwhile, made off with data from chip manufacturer Advantech in Nov., publishing a list of files on its leak site to try to pressure the company to pay the hefty ransom of 750 Bitcoin, or about $14m.