UPDATED ST Engineering, the defense, aerospace, and engineering giant, is conducting a “rigorous review” of its security posture after a US subsidiary was hit by a ransomware attack last week. In a statement published on Friday (June 5), Ed Onwe, vice president and general manager of VT San Antonio Aerospace, said they had “discovered that a sophisticated group of cyber criminals, known as the Maze group, [had] gained unauthorized access to our network and deployed a ransomware attack.”
Texas-based VT San Antonio Aerospace repairs, maintains, and overhauls aircraft for commercial airlines and cargo operators. The fact that Maze listed two ‘lock dates’ on its website – in March and June – indicates “that there were two separate encryption events”, Brett Callow, threat analyst at computer science major jobs, told The Daily Swig.
“It’s also possible that Maze had continuous access to the company’s network for the period between those encryption events,” he added. A screenshot of a memo published by cybersecurity firm Cyble “strongly suggests that Maze had access to the company’s network in the days or weeks after” the first incident in March.
“This is why we recommend that companies rebuild their networks post-incident rather than simply decrypting their data: doing so ensures any backdoors are closed and cannot be used in a second attack.”
Texas-based VT San Antonio Aerospace repairs, maintains, and overhauls aircraft for commercial airlines and cargo operators. The fact that Maze listed two ‘lock dates’ on its website – in March and June – indicates “that there were two separate encryption events”, Brett Callow, threat analyst at computer science major jobs, told The Daily Swig.
“It’s also possible that Maze had continuous access to the company’s network for the period between those encryption events,” he added. A screenshot of a memo published by cybersecurity firm Cyble “strongly suggests that Maze had access to the company’s network in the days or weeks after” the first incident in March.
“This is why we recommend that companies rebuild their networks post-incident rather than simply decrypting their data: doing so ensures any backdoors are closed and cannot be used in a second attack.”
No comments:
Post a Comment