The latest victim in a long line of cyberattacks orchestrated by the Maze ransomware group is the aerospace device provider V.T. San Antonio Aerospace (VT SAA). VT SAA is a Texas-based aerospace service provider and a subsidiary of Singapore-based technology firm S.T. Engineering.
The threat actors have claimed responsibility for the hack, in which a massive 1.5 terabytes of classified and private data was stolen.
The vice president and general manager of the firm, Ed Onwe, stated that “a sophisticated group of cybercriminals, known as the MAZE group, gained unauthorized access to our network and deployed a ransomware attack.” This is the second attack from the hackers, with the first dating back to 7th March.
A folder location was the key to discovering the breach: renamed files and an associated ‘DECRYPT-FILES.txt’ file were located in the same folder as the encrypted files.
Following the breach, the company immediately took steps to minimize the fallout. It took some systems offline, alerted law enforcement agencies, and sought forensic advisors to investigate the threat.
The company continued investigating the breach and also recovered lost data. It contained the “infection” and found that the targeted areas were mostly S.T. Engineering’s U.S. commercial operations.
Details about the stolen data have not been released yet, but it is assumed that data such as the company’s financial records, schedules, a lineup of projects, and details of exclusive contracts signed with government parastatals like NASA, American Airlines, etc., might be included.
The hackers’ M.O. involves stealing data (which is then held for ransom) before injecting a payload and encrypting the data in the victim’s system.
Right now, the stolen 1.5 terabytes of data is being used to force the company’s hand.
MAZE ransomware can be introduced into a system via phishing emails. Once contact is made, data is stolen for ransom and the encryption process follows. Failure to meet the operators’ demands results in the data being leaked. The MAZE ransomware operators target prominent companies and hope to pressure them into paying.