Our monitoring team at iZOOlogic has recently discovered a new threat published by the Medusa ransomware group on its leak website, involving the Singaporean manufacturing facility ‘Diethelm Keller Aviation.’
Medusa ransomware added the manufacturing facility to its list of victims, with a countdown on the page indicating when the group would leak the company’s stolen data should it fail to pay the ransom demand. At the time our team discovered the post, the countdown had two days and a couple of hours left on its clock.
With over 20 years in business, Diethelm Keller Aviation is one of the leading engineering innovators serving clients across Asia. The company’s products include in-flight service carts, folding trolleys, baby bassinets, and drawers. The company also offers professional engineering and technical consultation as well as technical publications.
Medusa ransomware obtained company databases from the manufacturing facility.
Based on our threat monitoring team’s observations, Medusa acquired a database of the manufacturing facility’s internal files. These stolen files include certifications, internal audit data, safety management measures, controlled documents, and project designs, among others.
The targeted company has yet to release any comment on the ransomware group’s claims of hacking it, and the group has not mentioned the specific ransom amount it is demanding from Diethelm Keller Aviation.
First spotted in the wild in September 2019, the Medusa ransomware group began its malicious activities by attacking Windows machines. Once a machine is infected, the malware causes a boot-up failure, deletes shadow volume copies and backups, maintains persistence, disables recovery mode, terminates active processes, creates a mutex, and boots the machine in Safe Mode.
Two of the malware’s critical features are file encryption and disabling an infected computer’s usability.
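The behaviours listed above (deleting shadow copies and backups, disabling recovery mode, forcing a Safe Mode boot) leave traces in process-creation telemetry that a defender can alert on before encryption finishes. The scanner below is an added example written for this page; it is not code from iZOOlogic or from the Medusa malware. It runs over constructed, tab-separated `key=value` process-creation records and matches generic, publicly documented command-line patterns for those three behaviours; the pattern list is an assumption about how such actions typically appear and does not describe Medusa’s actual implementation. The helper `hosts_with_chain` is also hypothetical: it reports hosts where several of the rules fired together, since the combination, rather than any single command, is what separates a ransomware pre-encryption sequence from an administrator pruning old shadow copies.

```python
"""Detection logic for ransomware-style recovery inhibition.

Added example (not from the iZOOlogic report or the Medusa malware): scans
constructed Windows process-creation records and flags command lines that
delete shadow copies, disable recovery mode or force Safe Mode. The rules are
generic, publicly documented patterns, not Medusa-specific indicators.
"""
import re
from dataclasses import dataclass

# Each rule: (name, regex applied to the lower-cased command line).
# Assumed patterns for the behaviours named in the report; not Medusa's code.
RULES = [
    ("shadow_copy_deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("shadow_copy_deletion", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("backup_catalog_deletion", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
    ("recovery_disabled", re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no")),
    ("recovery_disabled", re.compile(r"bcdedit(\.exe)?.*bootstatuspolicy\s+ignoreallfailures")),
    ("safe_mode_boot", re.compile(r"bcdedit(\.exe)?.*safeboot\s+(minimal|network)")),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    host: str
    rule: str
    command: str


def parse_line(line):
    """Parse one constructed 'key=value' record (tab-separated) into a dict."""
    fields = {}
    for token in line.strip().split("\t"):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def scan(lines):
    """Return one Finding per (record, rule name) that matches.

    A record can trigger several rule names, but each name fires at most once
    per record even if more than one of its regexes matches.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        cmd = rec.get("cmdline", "")
        lowered = cmd.lower()
        seen = set()
        for name, pattern in RULES:
            if name in seen:
                continue
            if pattern.search(lowered):
                seen.add(name)
                findings.append(Finding(n, rec.get("host", "?"), name, cmd))
    return findings


def hosts_with_chain(findings, required=("shadow_copy_deletion", "recovery_disabled")):
    """Hosts on which every rule in `required` fired (hypothetical helper).

    Chaining reduces false positives: a lone shadow-copy deletion is common
    admin activity, but deletion plus disabled recovery on one host is not.
    """
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.rule)
    return sorted(h for h, rules in by_host.items() if set(required) <= rules)


# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    "host=WS01\tuser=admin\tcmdline=vssadmin.exe delete shadows /all /quiet",
    "host=WS01\tuser=admin\tcmdline=bcdedit.exe /set {default} recoveryenabled No",
    "host=WS01\tuser=admin\tcmdline=bcdedit.exe /set {default} safeboot minimal",
    "host=WS02\tuser=backupsvc\tcmdline=vssadmin.exe list shadows",
    "host=WS03\tuser=ops\tcmdline=vssadmin.exe delete shadows /for=C: /oldest",
]

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no} host={f.host} rule={f.rule}: {f.command}")
    print("hosts showing the full chain:", hosts_with_chain(results))
```

On the sample data the scanner raises four findings (three on WS01, one on WS03) and only WS01 satisfies the shadow-deletion plus recovery-disabled chain; WS03’s single `delete shadows` and WS02’s `list shadows` are left to a lower-severity queue. In production the same logic would read Sysmon Event ID 1 or Security Event ID 4688 command lines instead of the constructed records.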
Medusa’s claim of hacking the manufacturing facility is not yet confirmed, despite the screenshot the group shared of the data it allegedly acquired from the company. Diethelm Keller Aviation’s official website is still up and running at the time of writing.
Our team will continue to monitor this issue for developments.