Asco Ransomware Attack: Dutch Aircraft Parts Maker Discloses Details

Asco, a Belgium aviation equipment maker, confirmed it had been hit with a “large scale” ransomware attack a week after a local outlet disclosed the incident, a new report said.

The infection reportedly hit Asco’s systems on Friday, June 7, and initially involved the company's Zaventem plant in Belgium. Asco also temporarily closed plants in Canada, Germany and the US. Non-production facilities in France and Brazil were unaffected.

The cyber kidnap affected its 1,000 of Asco’s 1,400 employees, Data News first reported, citing trade union sources. While Asco acknowledged the hack soon after it occurred, the company declined to provide any additional information until now. It did say it has hired outside security specialists, likely managed security service providers, to help its internal security team investigate the system hijack.

“As a precautionary measure, all systems have been quarantined and the activities at all of our sites in Belgium, Canada, the United States and Germany were stopped,” the company said in a statement. (via ComputerWeekly). So far there’s no evidence that any information has been pilfered in the cyber kidnapping.

Asco reportedly claimed it delayed verifying the attack because it wanted to ensure the “sustainability and quality” of the mitigation actions. It expects its systems will be operational at some point this week. So far, the company hasn’t provided any details about the ransom, if any, the extortionist demanded.

“We take an approach of extreme caution as we cannot accept an impact on the security of the systems,” Asco said.

In the ransomware attack’s immediate wake Asco’s response contrasts with the transparency offered by Norsk Hydro, a Norwegian aluminum supplier, which suffered a major ransomware cyber attack three months ago that took down the company’s entire worldwide network, affecting operations and production worldwide. In that instance, Norsk quickly acknowledged that it had been hit by ransomware, issued a statement, offered a webcast update on the situation and opened a Facebook page for regular updates. The company said it had good backup solutions and will leverage those to re-install backup data rather than pay the ransom.

Asco officials said that as its investigation of the event deepens and it operations normalize it will speed up the flow of information regarding the event. “As we gradually restart our operational activities over the course of the following days, we will keep our employees as well as the involved clients, suppliers and other stakeholders,” the company said. Asco intends to launch a website to provide regular updates.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.