The “LockBit” Ransomware Gang Hit Helicopter Manufacturer ‘Kopter’

By Bill Toulas / December 5, 2020

‘Kopter,’ the Swiss helicopter designer and manufacturer that was recently bought by the Rome-based ‘Leonardo Finmeccanica’ (maker of Agusta), suffered a data-breaching ransomware attack. According to ZDNet, the actors are hackers of the “LockBit” group who are already leaking sensitive documents on their dedicated extortion portal.

Kopter has been going through several organizational changes this period, with the appointment of a new CEO three weeks ago. Hence, they were not exactly well-prepared against ransomware attacks from sophisticated actors.

LockBit claims that they have managed to break into Kopter’s systems by exploiting the company’s VPN solution. The password they cracked was fairly weak, and there was no two-factor authentication set up, so they didn’t even have to bypass it. This combination of bad security practices makes up for the perfect storm, as Kopter was apparently using an outdated VPN and didn’t even bother to enable 2FA on employee accounts.

Source: ZDNet

The ransomware actors told reporter Cimpanu that someone from Kopter accessed the Tor ransom page, but they didn't engage on the chat window meant to help the victims get through the payment process.

From their side, the company has not publicly admitted a cybersecurity incident, nor have they sent notifications of a breach to any partners. Whether or not their operations have been disrupted and to what level remains unknown at this time.

Source: ZDNet

LockBit has compromised firms in the recent past by exploiting widely-known vulnerabilities in the Pulse Secure VPN solution, like the CVE-2019-11510, for example. It is possible that Kopter was using the particular product, many outdated versions of which remain deployed out there despite the numerous warnings that come from every side.

Kopter could continue to pretend that nothing serious has happened, and even if their production is disrupted, it’s not that anybody is going to notice. The risk here comes in the form of having patented tech and supplier contract details exposed. Moreover, ransomware actors can go to the extent of informing the Italian GDPR officer of the data breach, which could incur hefty penalties for the firm.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: