Ransomware Group Now Leaking Data Stolen From ‘Embraer’

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer
Source: Embraer

It appears that all ransomware infections go through the same set of “typical stages” nowadays. The first stage is denying anything serious, the second is leaking stolen data on dedicated Tor portals. The third is the fully-fledged acceptance with notifications to data protection offices and the launching of an in-depth investigation.

For Embraer, the largest aerospace and aeronautical company in Brazil and one of the largest in the world, things are unfolding precisely like that, and we are now at the stage of the data leak.

The attack occurred on November 25, 2020, but at first, the company remained silent about it. Embraer employees who were working remotely found themselves locked out of the corporate network, so it became clear that something has happened. On November 30, 2020, the firm was obliged to issue a public statement about the cybersecurity incident, downplaying the effects and denying the possibility of data exfiltration.

With the data leaked on the dark web now, we know that Embraer was hit by the ransomware group known as “RansomExx” (also known as “Defray777”). The stolen data includes internal development programs, prototype designs, images, schematics, software source code, flight simulation results, partner contracts, and even employee details. ZDNet has accessed the data directly and confirms that it all appears to be valid.

Source: ZDNet

Embraer didn’t comment on the data leak yet, and likely, they didn’t expect RansomExx to leak anything online as the particular group didn’t do this before. In fact, the actors set up the leak portal only this weekend, and it appears that they have victimized another two firms besides Embraer. So, essentially, RansomExx comes as yet another addition to an already-crowded space of hackers who engage in blackmailing companies.

In the meantime, Embraer has just announced that its commercial aircraft division is no longer for sale and that the firm will remain focused on the small jets sector. The new, turboprop-powered "E175-E2" is expected to enter the market by H2 2023, and there’s a prototype of the upcoming model already flying around. This announcement has resulted in the aviation firm’s shares climbing in value by 14%, but the data leak’s impact has not manifested yet.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: