Nearly 1,000 employees in ASCO’s Zaventem, Belgium, office have been left incapable of doing their jobs after a ransomware attack crippled the aircraft-parts manufacturer, according to a June 11 report from vrt NWS.
“From the ISF’s standpoint, everyone who has access to an organization’s information and systems should be made aware of the risks from ransomware and the actions required to minimize those risks,” said Steve Durbin, managing director of the Information Security Forum.
“The bottom line is that if you can’t do without the information and you don’t have a backup, then paying is the only option you have left to recapture your data. Therefore, prevention is the way to go to better protect yourself.”
ASCO temporarily shut down operations at its headquarters in Zaventem in the aftermath of the attack, as was reported by Data News.
Spirit AeroSystems acquired ASCO, a Belgian organization, in 2018. Spirit AeroSystems reportedly said that it would also temporarily cease production in other countries, according to a June 13 post from Tripwire.
“Initially, ASCO merely disclosed that someone had hacked its servers. It did not supply additional details at that time….As of this writing, it’s unclear what ransomware family was responsible for the infection or how it gained access to ASCO’s network,” Tripwire’s David Bisson wrote.
“This latest ransomware attack against a critical supplier of airplane parts is another reminder on how destructive ransomware continues to be to organizations,” said Joseph Carson, chief security scientist at Thycotic.
“Ransomware, however, should be a lower risk to businesses if they follow common industry best practices such as the introduction of a solid incident response plan, backup and recovery practice, cybersecurity awareness training and strong privilege and access management controls to limit administrator access.”
“Supply chains are difficult to secure. They create risk that is hard to identify, complicated to quantify and costly to address. A compromise anywhere in the supply chain can have just as much impact on your business, your bottom line, and your reputation, as one from within the organization.”
Source: Infosecurity Magazine