Embraer has leaked data after infection by the same ransomware that hit the STJ

The Brazilian Embraer, one of the main aircraft manufacturers in the world, behind only the American Boeing and the Dutch Airbus, had employee data and administrative record information leaked after being infected by ransomware.

According to ZDNet, which found the data available on the RansomExx group website (formerly Defray777 – the same responsible for the STJ ransomware), a Embraer preferred to restore backups instead of paying for the ransom of encrypted files.

For this reason, cybercriminals decided to publish some files as a sample, to confirm that Embraer was hacked by them and that the stolen data is legitimate. A very common practice among criminal groups that organize ransomware attacks.

Embraer made the situation public five days after realizing it was infected, on November 30th. In a note addressed to the company’s investors, Embraer informs suffered a cyber attack, but that this would not have affected the company’s productivity. According to the vice president, Antonio Garcia, who signs the document, the attack “made access to only a single archive environment of the company unavailable”.

The data found by ZDNet on the dark web includes employee information, commercial contracts, flight simulation photos and source code, in addition to other types of company market intelligence data. A total of 460 megabytes content, divided into 10 different categories.

Embraer’s data was published together with that of two more companies on Saturday (07), on a website managed by the cybercriminal group itself.

RansomExx

RansomExx is an updated version of Defray777, a famous ransomware that has already infected large companies and public bodies such as the Texas Department of Transportation in the USA and Konica Minolta, IPG Photonics and Tyler Technologies. In Brazil, it first appeared in early November, with the case of Superior Court of Justice (STJ).

Source: ZDNet and Bleeping Computer.