The planemaker Embraer became a victim of the ransomware: data leaked

Third-largest airplane company suffers data breach and hackers now leaking their data

Data of plane maker Embraer got leakedInformation about employees and business contracts got leaked online after the ransomware attack.

A Brazilian company Embraer possibly was the victim of ransomware last month.[1] Now involved hacker group is leaking some of the company's private data as revenge since the victim refused to pay the ransom.[2] Such a technique is becoming common among ransomware creators.[3] Embraer refused to negotiate any payment options after the ransomware attack and chose to restore their systems from their backups without meeting hackers' demands.

The press release from Embraer states:

Shareholders and the market that its IT systems suffered a cyberattack, resulting in the disclosure of data allegedly attributed to the Company in the early hours of November 30, 2020.

Files got shared on the website by using the dark web host.[4] The site is managed by the RansomExx or the Defray777 ransomware creators.[5] It is possible to believe that this threat is the one to blame for the attack on the Brazilian planemaker back in November. This leak confirms that during the ransomware attack, data was stolen from encrypted servers.

Data includes employee details and contract information

Embraer is one of the three biggest airplane maker companies. This giant also is one of the three victims that got their data leaked on the RansomExx website at the same time. This site was launched on Saturday with all the pieces of information related to private and sensitive company data.

Information that got uploaded online contains samples of employee details, business contracts, flight simulation information with photos, source codes. The press release that was issued last week shows that the company admits the security breach. It was not known if the ransomware creators managed to steal data or not until this incident.

Embraer's particular report did not confirm the particular data breach incident or the ransomware or even data theft. The only indication was that the company's single environment suffered from a temporary impact that affected some of the company operations. The RansomExx leak was not commented on by any of the airplane maker company officials.

Information leaking sites becoming more and more popular

There are tons of such sites that contain databases from ransomware victims. Ryuk, Sodinokibi, Conti, and other ransomware-type threats already operate leak sites that expose various sensitive details from victims who refuse to pay the ransom demands.

Leak sites are forming a new trend of revenge from cybercriminals. When ransomware groups are not getting money directly by locking files, systems, they turn to this double-extortion method. The University of Utah earlier this year suffered such an attack. Officials decided to pay $457,000 to a and of hackers. Attackers threatened to leak stolen data on their site if the university refused to pay the ransom for file recovery.

Thousands of these leak sites show how malicious hacker groups have gotten. It is still not fully admitted that Embraer suffered a security breach it a direct ransomware attack. Still, the sensitive data that got published got exfiltrated during some kind of a cyber attack.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions