Ransomware infection at part of Airbus works council (Oct. 2021)

Sicherheit (Pexels, allgemeine Nutzung)[German]The LockBit ransomware group is threatening to release data captured in a ransomware infection at European aircraft manufacturer Airbus-Industries. This is believed to be the website and data of the Airbus Staff Associations (an organization surrounding the works council), which provides Airbus employees with opportunities to engage in sports, culture, recreation, and solidarity. The impact is limited to the computer network of this entity. 


Airbus had already been the victim of a cyber attack in 2019. Now it seems there has been another attack on a unit at Airbus. I became aware of the case on Twitter via this tweet. The website lemondeinformatique.fr reports details in this article.

Ransomware infection at Airbus

The Lockbit backers threaten to publish data captured in a ransomware attack unless a ransom is paid for the AISA website. AISA is the website of Airbus Staff Associations , where employees can benefit from cheap rates for sports, cultural and recreational activities (badminton, chess, pétanque, martial arts, etc.).

After the attack, the AISA website was temporarily unavailable, but is now accessible again. Jean-Claude Mamar, founder and executive president of AISA stated in a post on the website a few days ago:

Dear friends, AISC/AISA is currently experiencing an IT problem: the IT servers are no longer operational. The resolution of this problem is underway and should take a few days.

The lockbit cybergang behind this attack threatens via countdown to release the captured data on October 11, 2021 18:46:00 (the time zone is not specified) if no ransom is paid.


Airbus itself not affected

The way I see it, Airbus itself is not affected by this cyber attack. The French medium had checked with the company and an Airbus spokesperson explained that the works council of the central Airbus unit (Airbus Staff Associations) informed the group about an IT security incident on October 5, 2021 and an investigation was launched. It states:

The AISC servers were shut down as soon as the incident was discovered. All existing network connections with Airbus have been identified and terminated. There is no impact to Airbus. AISC is an independent entity from Airbus and as such has its own network, separate from Airbus IM, managed by AISC suppliers. Airbus employees have been informed and their privacy is our priority.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *