Brazilian company Embraer, considered today’s third-largest airplane maker after Boeing and Airbus, was the victim of a ransomware attack last month.
Today, hackers involved in the intrusion have leaked some of the company’s private files as revenge after the airplane maker refused to negotiate and instead chose to restore systems from backups without paying their ransom demand.
The Embraer files were shared on a website hosted on the dark web, managed by the RansomExx (also known as Defray777) ransomware gang.
Data uploaded on this site included samples of employee details, business contracts, photos of flight simulations, and source code, among others, according to samples reviewed by ZDNet.
Today’s leak confirms that hackers managed to steal data from the company’s servers. Embraer issued a press release last week, admitting to a security breach, but did not confirm that the incident involved neither ransomware nor data theft.
The airplane maker said the attackers had “access to only a single environment,” and that the incident caused only a temporary impact on “some of its operations.”
An Embraer spokesperson did not return a request for comment sent by ZDNet today, following the leak.
RansomExx gets a “leak site”
Embraer is also one of three companies that had their data leaked over the weekend on the RansomExx leak site, launched on Saturday.
The RansomExx gang now joins a long list of ransomware gangs that run leak sites.
Ransomware gangs use leak sites as a way to put pressure on victims. During negotiations, companies are told that if they don’t pay the attacker’s desired ransom demand, the attackers will leak data online as a form of punishment, so it can be downloaded by competitors, or that companies face regulatory punishments in their countries.