An airline was the target of a ransomware attack by a ransom and data extortion team. The attack took place over the course of two days and exposed the personal information of 5 million unique passengers and workers.
The ransomware team was cited in a recent report from American cybersecurity and intelligence organizations that also forewarned of attacks primarily aimed at the healthcare sector.
Details of the Data Breach
A cybersecurity company reports that it was provided with two .csv files that the ransom and data extortion team also gave to the airline.
The first file contains the information on identified passengers, while the second contains employee data. The employee data includes name, date of birth, country of birth, location, date employment began, “secret question,” “answer,” and salt, among other information.
When the ransom and data extortion team contacted the airline, it actually received a response. The ransomware team withheld information regarding the ransom demand made against the airline and whether the international airline had paid any ransom.
The ransom and data extortion team informed a cybersecurity company that it would make the airline data, including backdoor information, available to the public; it is assumed that no money has been paid. It was unknown how much the ransomware team demanded in exchange for providing a decryption key, destroying all the data they had stolen, and notifying the airline of the vulnerabilities found and exploited.
According to the ransomware group’s representative, the network appears to lack established standards and is pretty chaotic, which irritated the attackers, who ultimately decided not to continue.
The ransomware team’s spokesperson said that the airline network’s poor organization prevented future attacks on the business. The team was irritated by the network’s disorganized structure and lack of standards, which made them completely unwilling to repeat the attack.
According to a cybersecurity company, the ransomware team wants to make network information, “including backdoors,” privately and publicly available on hacker forums in addition to disclosing passenger and staff data on their dedicated leak site. Future negative consequences are not the responsibility of the ransomware team.