TAG Aviation is a well-known name in business and luxury aviation. Based at Geneva Airport, the company says it operates in 13 locations across Europe and Asia and prides itself on “an international service that is unparalleled in the world”.
A look at the company’s website shows very prominent clients from the past, such as the Swedish tennis legend Björn Borg or the acting star couple Alain Delon and Brigitte Bardot.
The company, which specializes in corporate charter flights, is currently facing a hacker attack with potentially devastating consequences. When asked, it confirmed watson's research to that effect.
On May 21, the Intrusion Detection System (IDS) detected an unauthorized attempt to access the network. As a result, some IT systems were affected by a ransomware attack, i.e. encryption.
At the same time, those responsible are trying to put the seriousness of the cyber attack into perspective. The “IT security incident” is limited to “Asia”. Countermeasures were immediately taken and a service specialized in cybersecurity was called in. This external partner “has conducted a forensic investigation into the incident and the data involved”.
Additional security measures have also been put in place to protect the network from future attacks, the statement said.
However, another sentence from the statement sent by email makes you sit up and take notice:
Unknown cybercriminals have even published several screenshots on the dark web, allegedly showing passports and other internal or confidential data.
It is also alleged that the perpetrators have stolen a very large amount of data, several terabytes (TB).
When asked, a spokesperson for the company confirmed that TAG Aviation Europe was not affected.
The case is special because the cybercriminals behind the hacker attack and alleged data theft initially did not make themselves known.
Who is behind the hacker attack?
Update: TAG Aviation has confirmed watson research showing that the ransomware attack can be traced back to the well-known Black Basta group.
Typically, ransomware gangs post an announcement on their own dark web leak site when victims are unwilling to comply with the extortion. To increase the pressure on victims who do not want to pay, they threaten to disclose the stolen data.
In the present case, the threat, which specifically names the victim, was made on a dark web site operated by supposedly independent third parties. watson refrains from mentioning the site here.
The unknown operators claim to be looking for buyers for the stolen data on behalf of the hackers. They say they had nothing to do with the original attack.
A post late last week on the self-proclaimed data broker’s dark web site says in rather awkward English:
The investigation is ongoing, TAG Aviation said in its statement, and the company is working with consultants and law enforcement agencies to minimize the impact of the ransomware attack.
Those responsible assure:
Source: Watson

I’m Ella Sammie, an author specializing in the Technology sector. I have been writing for 24 Instant News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.