The “LockBit” Ransomware Gang Hit Helicopter Manufacturer ‘Kopter’

  • The Swiss helicopter maker that is now under Italian ownership got compromised by the LockBit group.
  • The hackers claim that taking over one of the firm’s VPN accounts was fairly easy, as there was no 2FA.
  • Kopter has not publicly admitted any cybersecurity incidents or data breaches yet.

‘Kopter,’ the Swiss helicopter designer and manufacturer that was recently bought by the Rome-based ‘Leonardo Finmeccanica’ (maker of Agusta), suffered a ransomware attack that also resulted in a data breach. According to ZDNet, the actors belong to the “LockBit” group, and they are already leaking sensitive documents on their dedicated extortion portal.

Kopter has been going through several organizational changes during this period, with the appointment of a new CEO three weeks ago. Hence, they were not exactly well-prepared against ransomware attacks from sophisticated actors.

LockBit claims that they managed to break into Kopter’s systems by exploiting the company’s VPN solution. The password they cracked was fairly weak, and there was no two-factor authentication set up, so they didn’t even have to bypass it. This combination of bad security practices makes for a perfect storm, as Kopter was apparently using an outdated VPN and had not enabled 2FA on employee accounts.

Source: ZDNet

The ransomware actors told reporter Cimpanu that someone from Kopter accessed the Tor ransom page but did not engage in the chat window meant to help victims get through the payment process.

For its part, the company has not publicly admitted a cybersecurity incident, nor has it sent notifications of a breach to any partners. Whether its operations have been disrupted, and to what extent, remains unknown at this time.

LockBit has compromised firms in the recent past by exploiting widely known vulnerabilities in the Pulse Secure VPN solution, such as CVE-2019-11510. It is possible that Kopter was using that product, many outdated versions of which remain deployed despite numerous warnings from every side.

Kopter could continue to pretend that nothing serious has happened, and even if their production is disrupted, it’s not as if anybody is going to notice. The risk here comes in the form of having patented tech and supplier contract details exposed. Moreover, ransomware actors can go to the extent of informing the Italian GDPR officer of the data breach, which could incur hefty penalties for the firm.
