Dassault Falcon Jet reports data breach after ransomware attack


Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.

Dassault Falcon Jet is the US subsidiary of French aerospace company Dassault Aviation which designs and builds military aircraft, business jets, and space systems.

The Dassault subsidiary has 2,453 employees and it is focused on marketing and providing aviation and maintenance services for Falcon aircrafts on the American continent.

Dassault Aviation reported revenues of €7.3 billion in 2019 and it has delivered more than 10,000 military and civil aircraft to over 90 countries.

Subsidiaries also impacted

Dassault Falcon Jet discovered the incident on December 6th, 2020, and sent a data breach notification letter to impacted current and former employees on December 31st.

According to media reports and the dates of breach reported by the company, the attackers maintained access to Dassault Falcon Jet’s systems for roughly six months, between June 6th and December 7th.

The Ragnar Locker operators who infiltrated the company’s systems were also able to infiltrate the network of several Dassault Falcon Jet subsidiaries.

The principal subsidiaries include Dassault Aircraft Services Corporation, Aero Precision Repair And Overhaul Company (APRO), Midway Aircraft Instrument Corporation, Dassault Falcon Jet Do Brasil Limitada, and Dassault Falcon Jet Leasing.

“Upon discovery of this security incident, we immediately took all affected systems offline and engaged third-party cybersecurity experts to aid in our investigation, as we work to safely restore our systems in a manner that protects the security of your information,” the breach notification says.

The company is collaborating with law enforcement to investigate the incident and says that it has found evidence that the attackers may have stolen documents containing employees’ information.

The information belonging to employees may include their “name, personal and company email address, personal mailing address, employee ID number, driver’s license number, passport information, financial account number, Social Security number, date of birth, work location, compensation and benefit enrollment information, and date of employment.”

Their spouses and dependents’ information may include their “name, address, date of birth, Social Security number, and benefit enrollment information.”

Impacted systems restored and rebuild

While the company has not yet confirmed that the breach was due to a ransomware attack, LeMagIT reported in December that Ragnar Locker is the ransomware gang that was behind the incident.

Dassault Falcon Jet spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today. 

The company also didn’t provide a reply to inquiries made by BleepingComputer last month.

However, the breach notification says that affected systems have been restored and rebuild after the incident.

“As we restore and rebuild systems, we are also strengthening the security protections in place to protect those systems and the data stored on them,” the company said.

The Ragnar Locker gang sent BleepingComputer the following screenshot on December 11th, 2020, containing a directory listing from one of the Dassault Falcon Jet systems breached during the attack (a heavily redacted version is available below).

Ragnar Locker ransomware was first observed while being deployed in attacks against several targets during late December 2019.

The operators are known for terminating remote management software (such as ConnectWise and Kaseya) used by managed service providers (MSPs) to remotely manage their clients’ systems, thus allowing them to avoid detection and preventing payload deployment from being blocked.

The FBI has warned private industry partners of increased Ragnar Locker ransomware activity following an April attack against multinational energy giant Energias de Portugal (EDP).

BleepingComputer has seen Ragnar Locker ransom demands ranging from $200,000 to roughly $600,000. In EDP’s case, Ragnar Locker asked for a ransom of 1580 bitcoins (the equivalent of over $10 million).

You May Also Like…