COMMUNICATIONS & PR OFFICER

The Malaysian low-cost airline belonging to AirAsia had some of its data leaked by the cybercrime group known as Daixin Team, following a ransomware attack earlier this month.

The leaked data represents only a sample, as per the threat actors` claims, when in fact the stolen information belongs to five million unique passengers and all of the company`s employees. The published samples seem to confirm these allegations, as they include passenger information and the booking IDs as well as personal data related to the company’s staff, which further.

Source

Irritating the Attackers

According to Daixin’s spokesperson, AirAsia had a rather quick response to the attack, asking the Daixin negotiator for an example of the stolen data and asked in great detail how it would be deleted in case of payment.  AirAsia apparently did not try to negotiate the amount, which may, in fact, mean they had no intention of paying the ransom.

The actual amount demanded in exchange for the decryption key and deletion of all exfiltrated data is not known.

The same spokesperson claimed that further attacks were not pursued due to AirAsia’s poor security measures and chaotic organization of the network.

The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack. […] The group refused to pick through the garbage for a long time. As our pentester said, “Let the newcomers sort this trash, they have a lot of time.”

Source

Previous Mentions

Daixin Team was recently the subject of an advisory from the U.S. cybersecurity and intelligence agencies, which warned of attacks mainly targeting the healthcare sector, with victims such as Fitzgibbon Hospital, Trib Total Media and OakBend Medical among others.

When it comes to airlines being victims of cyberattacks, AirAsia Group is not the only Malaysian air carrier to suffer a breach. A security breach occurred via a third-party IT service provider exposing data of the Malaysia Airlines Enrich program between March 2010 and June 2019.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

More and More Companies Are Getting Hit with Ransomware [2021-2022]

CISA: Daixin Team Is Targeting U.S. Healthcare in Ransomware Attacks

The Most Relevant Ransomware Statistics and Facts of 2022

How to Prevent Ransomware?

State-sponsored Threat Actors Steal Airline Data Using the Slack API

Ransomware Explained. What It Is and How It Works

Ransomware Payouts in Review. Highest Payments, Trends & Stats

A Nine-Year-Long Data Breach was Disclosed by Malaysia Airlines

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP