zephyr_p - stock.adobe.com
The attack came two months after the European Commission approved the acquisition of the company by US-based Spirit Aerosystems, but neither company released any statements, despite reports that the company’s 1,400 employees around the world were unable to work.
Asco has now confirmed the ransomware caused “a serious disruption” of all activities and impacted the company’s communication systems.
“As a precautionary measure, all systems have been quarantined and the activities at all of our sites in Belgium, Canada, the United States and Germany were stopped,” the company said in a statement.
Asco has not provided any detail of what type of ransomware was involved, but said that “because of the specific nature of the attack”, the company wanted to assess every individual IT system in an attempt to avoid compromising security, while guaranteeing the “sustainability and quality” of the mitigation actions.
Although the company appears to have lost a week’s production already, Asco said all those involved in investigating the ransomware attack have “taken control over the incident” and are committed to “reducing the consequent impact” on business activities.
The company did not explain why it has taken so long to acknowledge the ransomware attack, but said: “We take an approach of extreme caution as we cannot accept an impact on the security of the systems.”
Read more about ransomware
- Ransomware attacks are becoming more targeted and designed to infect different sized organisations in specific industries and regions, say security researchers.
- Ransomware recovery is a complex and expensive process, and an attack can happen to anyone. Taking precautions and acting early could save your data – and a good amount of money.
- Cryptojacking has taken over from ransomware as the top money spinner for cyber criminals, but the threat is not over.
- How to protect backups from ransomware infiltration.
Asco seems to expect a restoration of operations this week, saying that it has “installed several work streams to allow a safe and secure restoration of our systems in the different sites”, adding that the company is “gradually rolling out our business continuity strategy to restore operations”.
The company said the forensics investigation is ongoing, but noted that there has so far been no evidence of the exfiltration of any information or the non-recoverable loss of it.
The attack comes less than a month after Nowegian aluminium producer Norsk Hydro was hit by a LockerGoga ransomware attack that cost the company up to $40m in the first quarter and could cost as much as $28m more in the second quarter, according to latest estimates.
Norsk Hydro has not announced how much its cyber insurance will amount to, but said payments could start appearing in results in the third quarter, reports Reuters.
Asco’s response has been contrasted with that of Norsk Hydro, which was widely praised for its response to the ransomware attack. Norsk Hydro was quick to report the attack, saying it would not pay any ransom and would work to restore operations using backed up data and switching to manual operations.
This underlined the importance of having good backups to enable companies to recover from ransomware attacks and other IT system failures.
The company has also been praised for its transparency about the attack and frequent updates, including regular media conferences in the wake of the attack.
Clarity, continuity and support
Asco has now stated that its priority is to provide clarity, continuity and support to its staff, clients, suppliers and partners.
“As we gradually restart our operational activities over the course of the following days, we will keep our employees as well as the involved clients, suppliers and other stakeholders,” the company said, adding that designated contact persons have established direct communication with their contact persons from clients, suppliers and partners.
The company said it was in the process of putting together a page on its website to provide additional information.
It remains to be seen whether Asco, like Norsk Hydro, had effective backup and recovery systems in place and whether or not the company has cyber insurance in place that will help soften the financial impact of the ransomware attack.
The fact that Asco had to shut down operations across four countries underlines that devastating impact a ransomware attack can have, said Darren Williams, CEO and founder of BlackFog.
“Most importantly, it teaches us an important lesson that if hackers are determined to get in, they will find a way to do so. It is crucial companies have a layered approach to security that goes beyond stopping hackers getting in or just cleaning up the mess after they’ve already done damage.
“The real challenge is stopping hackers getting out with valuable data, and this is key to mitigating against the reputational and operational consequences of a breach.”