Thycotic Comment: Embraer ransomware attack
December 2020 by Joseph Carson, chief security scientist at Thycotic
Following the news around aerospace company Embraer revealing a suspected Ransomware attack - Joseph Carson, chief security scientist at Thycotic offers the following comment:
While Embraer refers to it as a data breach, this is all too common with ransomware - it is no longer just about encrypting files but also stealing the data so it is a multifunction weapon. If a company has a solid backup to restore systems then the criminal gang can threaten to disclose very damaging data that could directly impact the stock price, brand, employees and potential customers. It does indicate that backup systems have also been impacted, which is another common weapon with ransomware: going after online backups to do as much damage as possible.
Hopefully Embraer has a multi backup strategy maintaining solid backups offline as well to keep those protected from malicious attacks. A backup strategy is only good when it is protected from cyberattacks with strong offline media, disaster recovery considerations and access controls. Companies must take ransomware very seriously as it is going to continue to be one of the biggest cyber threats to companies in 2021. Remember, it only takes one employee with local admin privileges clicking on a malicious email attachment to take down an entire company.
At a time when many employees are working remotely, when systems go offline due to a ransomware attack then employees will be in the dark about what is going on. Organisations’ support desks will be overwhelmed by a massive influx of employees trying to find out what is going on, which could result in a self-inflicted DDoS-style attack to their own support team. Let’s hope that Embraer has taken cybersecurity seriously and will be back and running as quickly as possible, showing that companies are more resilient to ransomware attacks.