Maze Ransomware Targets VT San Antonio Aerospace

US aerospace services provider VT San Antonio Aerospace was targeted by the Maze Ransomware gang in March 2020.

1.5 TB of unencrypted files and sensitive data was reportedly stolen and now available on public domain in a massive data breach which was discovered on Jun 5. 

The stolen data includes details of project implementation plans, schedules and timelines, also financial records and contract details with government organisations like NASA and the airlines.

CYFIRMA CEO Kumar Ritesh stated that “Hackers used Maze ransomware for their campaign. Maze is a malware that hackers can embed into phishing emails. When a victim opens these emails, the Maze malware infects the machine and starts encrypting files. Once this is completed, a ransomware demand is made,” 

The hackers gained access through remote desktop connection using a compromised administrator account attacking the organisation’s intranet servers, file server on two domains and domain controllers.  

VT San Antonio Aerospace Vice President and General Manager Ed Onwe confirmed in a statement that cyber criminals called the Maze group had gained unauthorised access to the company’s network and carried out a ransomware attack. recommend to keep the operating systems and application software updated.  Employees must be instructed and trained to refrain from opening unsolicited emails and clicking on popup ads to stay protected.