Companies all around the world are constantly under threat from cybercriminals. Many big companies have been attacked by ransomware, including Acer, Accenture, CD Projekt Red, Ferrari, and many others. As far as we know, this ransomware attack was probably the most damaging one for AirAsia.
What is ransomware? According to Trellix:
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyze an entire organization.
Lowyat.net reported that AirAsia has become a victim of the Daixin ransomware group. The personal information of all of the company’s employees, as well as that of five million unique passengers, has been exposed as a result of the attack, which appears to have occurred over the course of two days earlier this month.
The US government said that for the past few months, the group has been actively pursuing American companies, particularly those in the healthcare and public health industries.
Usually in this situation, companies will find other ways to recover the data, but according to DataBreaches.net, AirAsia actually responded to Daixin. The company didn’t try to negotiate with the group, though. Curiously, the ransomware group said that they do not encrypt or destroy data when doing so could be life-threatening.
What saved AirAsia from further devastation was the poor organisation of its network. Daixin said that they were very irritated by it and that it demotivated the group. They also added:
The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator “built his shed next to the old building.” At the same time, the network protection was very, very weak.
This is probably the first time in history that poor security and incompetency actually helped.
Also, we believe AirAsia made no payment to the group because they are planning to leak all the data and let everyone know that there are backdoors into AirAsia’s group network.