ASCO Sends Workers Home After Ransomware Attack
Aeroplane parts manufacturer sends home 1,000 of 1,400 workers after being crippled by ransomware.
A ransomware attack on one of the world’s largest suppliers of aeroplane parts, has caused it to cease production in factories across four countries.
ASCO Industries based in Belgium has also reportedly had to send home the vast majority of its workforce after the ransomware attack last Friday (7 June).
In March this year, a ransomware attack crippled the operations of large Norwegian manufacturing firm Norsk Hydro. The company estimated that it lost more than $40m in the week following that attack.
And now ASCO has become the latest firm to be impacted by ransomware, although the company is not at the moment saying anything officially about the attack.
ASCO has offices and production centres in Belgium, Germany, Canada, the US, and offices in Brasil and France.
According to VRT, the police has been notified, and the firm has brought in external experts to investigate.
The company has apparently ceased production in all of its production centres, but it has not confirmed whether the ransomware has spread to those systems, or whether the move was simply a way to stop the ransomware spreading.
Other media reports suggest the firm has sent home 1,000 of its total 1,400 workforce.
It is also not clear at this stage whether ASCO is paying the hackers, or whether it is trying to recover its systems via backups.
Security experts were quick to highlight the dangers posed by ransomware attacks.
“The attack against ASCO has once again highlighted the dangerous power of ransomware,” said Andrea Carcano, CPO of the co-founder of Nozomi Network. “The attack has brought operations to a halt and resulted in over a thousand employees being sent home which will be having a significant impact on the organisation financially.”
“When it comes to ransomware, prevention is always better than cure as, if infected, it is never advisable to pay the ransom as it is not guaranteed that the criminals will honour the agreement and restore systems/data,” said Carcano. “Organisations should prepare for these types of events and have an incident response plan in place to help limit the damage caused, not only to production but also to customer trust and brand reputation.”
This point was echoed by another expert who said that businesses have to prepare to be targetted by cybercriminals, and he noted the secretive way that ASCO is dealing with the attack.
“Airplane manufacturer ASCO being hit by ransomware continues the trend of cybercriminals focusing their efforts on industry and manufacturing as their targets – recognizing the costly and disruptive effect such a shutdown will have on the business,” explained Shlomie Liberow, technical program manager at HackerOne.
“This comes only a few months after Norsk Hydro was also shut down by ransomware – however, Norsk showed the world that while ransomware is costly and devastating in the moment, it doesn’t have to have a lasting effect on reputation as the open and transparent way Norsk dealt with the attack resulted in a rise in share price,” said Liberow.
“Public understanding of ransomware is on the rise so if ASCO reacts quickly and in a way that keeps relevant stakeholders informed, hopefully, it will see no lasting damage to reputation,” Liberow said.
Another expert agreed that ransomware is a growing risk.
“Ransomware continues to be a growing risk for many companies and once inside a network, unless there are controls in place to prevent the spread, it can take hold of the entire infrastructure rapidly,” said Javvad Malik, security awareness advocate at KnowBe4.
“It’s worth remembering that in most cases, the initial infection is through a phishing or spearphishing email, therefore it is important to train users and make them aware of the risks, so they can make better-informed decisions, and also escalate any potential issues where they may arise,” said Malik.
Whatever the experts may say, in April a study from Appriver revealed a worrying admission about the actions of companies after they are struck with a ransomware attack.
It found that more than half of executives (55 per cent) at small-to-medium-sized businesses (SMBs) in the US said they would pay hackers to recover their stolen data in ransomware attacks.
This directly contradicts the advice of nearly all security professionals, who urge firms not to pay but instead invest money in improving cyber defences and education, as well as ensuring that regular backups are carried out.
But it is not just companies that can be impacted by ransomware. The most famous case in recent years was probably the Wannacry ransomware scourge that infected computers around the world in 2017.
More recently, the east coast American city of Baltimore is slowly recovering after most of its computers and IT infrastructure were crippled after a devastating ransomware attack.
The cyberattack struck Baltimore’s computers on 7 May, and nearly a month later, most online city services and 10,000 computers remained crippled. That said, the city is now slowing recovering its systems.
Industry: Cyber Security News
- Penetration Tester, UK based. Ability to achieve SC clearance
- United Kingdom
Experienced Penetration tester- UK based with the ability to achieve SC clearance. On-going training and development and paid certifications / renewals. Interested to hear from all areas of penetration testing, web app, infrastructure, mobile, etc. MUST have current hands on experience delivering penetration testing. Ideally from a consultancy background with experience working with multiple clients. OSCP / CREST / CHECK / Tigerscheme penetration testing experience / certifications desirable. Apply today for more details. All information kept in the strictest of confidence.
- Senior Data Privacy Specialist, London. CIPT
REF CH7875 £60,000 Senior Data Privacy Specialist, London. CIPT Senior Data Privacy Specialist needed to help advise client on project and programmes relating to Data Privacy and compliance. UK based role. Ideally looking for someone that has a strong appreciation of technology and Data Privacy that can work with clients to develop or enhance their strategies, policies, processes and techniques to manage cybersecurity risks while enabling business driven data. Certified Information Privacy Technologists (CIPT), Certified Information Privacy Professional/Europe CIPP/E experience and or certification highly desirable. Specific experience within the healthcare industry is of particular interest. All details kept in confidence Apply today for more information
- Cyber Security lead Managing Consultant, Healthcare
REF CH7874 £120,000 Cyber Security lead Managing Consultant, Healthcare, Public Sector. UK Cyber Security lead Managing Consultant with a specialisation in healthcare needed. The Cyber Security lead Managing Consultant will identify, engage with, consult and deliver key and critical cyber focused programmes and projects into healthcare clients. To be a success in the role you will be able to identify and engage with clients building pipelines of new business opportunities. A key part of your role will be to engage with new and existing clients to win new business opportunities- this role is revenue generating. Consulting experience around digital cyber transformations, Governance, Risk & Compliance, Critical National Infrastructure programmes, Managed Detection and Response etc are key. NIST, ISO27001, etc Team management, , identifying Cyber Risk, UK based, Permanent position. The ability to achieve UK security clearance is a perquisite. All details held in confidence. Apply today for more information.
- CONTRACT outside IR35 - SENIOR Security Analyst level 3.
- United Kingdom
- competitive day rates
REF CH7873 CONTRACT 3 month rolling outside ir35 SENIOR Security Analyst level 3. London ideally- but flexible SOC SIEM experience essential. Broad cyber hands on experience should include Threat hunting, Detection, Phishing, Malware etc Scope of engagement · Managing / running BAU tasks (Organising and assigning workloads to the Tier 2 analysts) · Working with the various security tools (Creating documentation to support the use of these tools) · Support Incident Management activities (Work with the incident managers when an incident is identified) · Support Incident Response activities (Recommendations and support remediation activities without completing these activities) · Be technical point of contact to the wider business on security related issues (SME within the team on security related issues) · Train the SOC Analysts (Continuity of service - knowledge transfer to the T2 analysts ) · Working with the Security Engineers on: (Use Case Development Identifying scenarios and developing the use case for the engineering team to deploy Identifying rules and alerts triggered to be fine-tuned by the engineering team) · Recommendations for dashboard creation (Working with the engineering team to identify potential dashboards to create) · Creating, maintaining and uplifting documentation (Playbooks, Process Documentation) · Drive improvement across the estate (Support Vulnerability Management activities and provide enrichment where possible) Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) Looking to interview immediately. Arrange a call https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role- Chris.Holt@dclsearch.com