Belgium-based airplane parts and aviation structuring business ASCO Industries has shuttered its plants after falling victim to a ransomware attack. The perpetrators of the attack are yet to be identified.
The company management has alerted the authorities about the cyber-attack. The public prosecutor of Halle-Vilvoorde arrondissement confirmed on 11 June that a complaint against strangers was registered by the company. The plants will remain closed until further notice, said the news reports.
"We've previously seen LockerGaga ransomware as responsible for disruption at Norsk Hydro plants. It may be the same case here, though it's too early to tell at this point," said Chris Doman, security researcher at AT&T Alien Labs. The company has confirmed to Data News the involvement of ransomware in the attack. However, it has added that there was no indication of any information stolen.
"This isn’t the first manufacturer to be hit by ransomware and it won’t be the last. Ransomware is successful when victims actually pay. A simple solution to the ransomware problem would be to stop paying the ransom, but that’s easier said than done when your data, and your business, are being held hostage. The best protection against ransomware is a good set of backups and the ability to restore systems quickly," said Tim Erlin, product management and strategy VP at Tripwire.
The attack came two months after the European Commission approved the acquisition of the company by US-based Spirit Aerosystems. The US$ 650 million (£512 million) all-cash takeover of SRIF, parent of the Belgium-based aircraft component maker, was announced in May 2018.
The first EU regulatory review was halted in October 2018 when Spirit withdrew its initial acquisition notification to the Commission due to regulatory concerns. The company restarted the regulatory process in February 2019 after notifying the European Commission on 30 January.
There was no press release or announcement from both the companies. The LinkedIn and Twitter handles of both companies did not carry a confirmation or acknowledgement of the attack until the report was published.
ASCO manufactured parts for the F-35 fighter jet, the Airbus A400M military aircraft, Ariane space launch rockets, and the commercial aircraft of Boeing and Airbus.
"Given what this vendor produces, a ransomware, while disastrous for them financially, it’s far better than having an attacker with a potential to affect the integrity of their fighter jets," said Martin Jartelius, CSO at Outpost24.
Andrea Carcano, CPO of co-founder of Nozomi Networks warned that it is never advisable to pay the ransom in these situations. "It is not guaranteed that the criminals will honour the agreement and restore systems/data. Organisations should prepare for these types of events and have an incident response plan in place to help limit the damage caused, not only to production but also to customer trust and brand reputation," he said.
The aviation industry has been a target of hackers of late . "When an airline is purchased, the new owner or partner is more likely to try to adopt the legacy systems rather than fully integrate and update. Newer airlines without this legacy have a better chance of keeping control of their IT systems and could be a more attractive insurance option," observed insurer Munich Re in its report on cyber-threats in aviation.
When it comes to ransomware, prevention is always better than cure, said Shlomie Liberow, technical programme manager at HackerOne. "This means ensuring all systems are up to date with the latest patches and that there are no security vulnerabilities or weaknesses which could leave an organisation exposed to attackers."