A leading airline technology provider has confirmed that it was the target of a ransomware attack. Accelya announced earlier this week that information exfiltrated from its systems was made available on the AlphV/Black Cat ransomware group leak site. The group alleges that it has access to an abundance of data, including emails and work contracts, among other information. The rest of the affected data is being reviewed, and customers will be notified in the coming weeks if they are suspected to be victims of the attack. Accelya believes its security partners were able to contain the threat before it affected other areas of its environment.
AlphV/Black Cat has been very busy this year, with numerous attacks across various industries, including local governments, colleges, and energy companies, and has now moved on to the airline industry. In the current threat environment, it is likely that ransomware groups will continue to create costly disruptions for companies of all industries and sizes. Financially motivated threat actors most often prioritize organizations that do not have the proper protections in place. Storing copies of important data offline and regularly testing the backup process, maintaining systems with up-to-date patching, and deploying an up-to-date EDR and MDR solution will help considerably in reducing the effects of an attack. A 24/7 monitoring solution like the one offered by Binary Defense and the Security Operations Center should also be considered when determining a defense solution. Appropriate detection of network intrusions and suspicious activity, facilitated by the Threat Hunting services offered by Binary Defense, can save considerable time and money during recovery.