Ransomware halts production for days at major airplane parts manufacturer

Nearly 1,000 employees sent home for the entire week, on paid leave.
Written by Catalin Cimpanu, Contributor
Image: ASCO

ASCO, one of the world's largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.

As a result of having IT systems crippled by the ransomware infection, the company has sent home approximately 1,000 of its 1,400 workers.

ASCO planned for an initial downtime from Monday to Wednesday, but Belgium media reported [1, 2, 3, 4, 5] that the impromptu leave has been extended for the entire week, including the upcoming weekend.

Plants in four countries have been shut down

Per reports, the infection took root last Friday, June 7, and initially hit the company's Zaventem plant in Belgium, but ASCO also shut down factories in Germany, Canada, and the US.

Non-production offices located in France and Brazil were unaffected.

It is unclear if the company shut down operations at other factories because the ransomware managed to spread, or just as a precaution.

The former scenario might be the most plausible, as factories can be easily isolated from one another, without stopping production.

An ASCO spokesperson could not be reached via phone, and the company did not return an email requesting additional information and clarifications.

One of the most important airplane parts manufacturers

ASCO is one of the world's most important supplier of airplane parts and parts designs. Some of the company's clients include the biggest names in the airline transportation and military sectors, such as Airbus, Boeing, Bombardier, and Lockheed Martin.

ASCO-made parts are used for the F-35 fighter jet, the Airbus A400M military aircraft, Airbus and Boeing commercial passenger jets, and Ariane space launch rockets, just to name a few.

The name of the ransomware strain that infected the company's Belgium plant was not made public.

Unlike aluminum producer Norsk Hydro, who was hit by a similar ransomware attack earlier this year and provided constant updates about the incident, ASCO has been very quiet about its dealings.

Ironically, despite announcing that the ransomware attack caused losses worth nearly $40 million, Norsk Hydro stock gained value during the ransomware recovery process because of the company's open and candid incident reporting.

It is unclear if ASCO has already paid the ransom to recover access to its systems, is restoring from backups, or buying new systems and rebuilding its computer network from scratch, like some other ransomed companies did in the past.

Cybercrime and malware, 2019 predictions

Related malware and cybercrime coverage:

Editorial standards