Aerospace Giant Embraer Downed by Suspected Ransomware

Written by

Brazilian aerospace giant Embraer has revealed it suffered a data breach last week, although local reports suggest ransomware was involved.

The aircraft-maker, the world’s third largest after Boeing and Airbus, claimed in a brief statement on Monday that it suffered a cyber-attack resulting in the disclosure of data “attributed to the company” in the early hours of November 30.

Confusingly, the announcement also notes that the actual incident was identified on November 25, last Wednesday.

According to the statement, the attack “made access to only a single environment of the company’s files unavailable.”

The firm said it is now working to “normalize” its operations, which would indicate that at least some disruption had occurred.

“As a result of this occurrence, the company immediately initiated its procedures of investigation and resolution of the event, as well as proceeding with the proactive isolation of some of its systems to protect the systems environment, thus causing temporary impact on some of its operations,” it continued.

“The company continues to operate with the use of contingency systems, with no material impact to its activities.”

Although Embraer itself is being coy about the cause of the attack, local reports in Brazil were more revealing.

News site Globo confirmed that the cause was indeed ransomware, with sources claiming on Tuesday that the firm had not yet restored all its systems.

It was also claimed that a large number of Embraer servers were forced offline by the firm and that attackers managed to encrypt some backups. All remote workers were apparently affected for some time, although the IT department told them it was down to a system problem rather than cyber-attack.

Tripwire VP of strategy, Tim Erlin, argued that every organization today needs to be prepared for a ransomware attack.

“While we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat,” he added.

“Ransomware doesn’t magically appear on systems, and the methods by which it’s introduced into an environment are generally well understood: phishing, vulnerability exploits and misconfigurations. Identifying and addressing the weak points in your security posture can help prevent ransomware, as well as other attacks, from being successful.”

What’s hot on Infosecurity Magazine?