The Daixin ransomware gang recently claimed an attack against the Malaysian airline firm AirAsia Group, a claim that came to light after the threat group added the firm to its list of victims. Daixin said that the databases stolen from AirAsia include the data of 5 million unique passengers and employees.
The ransomware group has also shared two databases, the first containing data on the airline firm's passengers and the second containing employee information. The allegedly compromised employee database includes full names, birthdates, employment dates, and locations, among other details.
AirAsia Group allegedly responded to Daixin's attack by asking how the gang would ensure the safety of the stolen databases, although researchers are uncertain whether the firm paid. The airline firm also requested samples to confirm the security breach, which Daixin provided.
Daixin stressed that, during the ransomware attack, it had avoided encrypting AirAsia files critical to people's lives and safety.
A Daixin gang representative stated that the team had not locked the airline firm's hosts for flying equipment, such as radars and air traffic control. The gang intends to avoid actions that could threaten people's lives.
Researchers were taken aback by Daixin's statement that AirAsia Group's poor network organisation had made the gang break off from attacking the firm further. After encrypting many of the airline firm's resources, Daixin said it was bothered by the firm's chaotic network organisation and was reluctant to repeat the ransomware attack.
Thus, it can be presumed that the airline firm's poor network security and management had, by luck, spared it from further attacks by the ransomware group.
Nevertheless, the ransomware group stated that it plans to release AirAsia's network information for free on underground forums, alongside leaking the stolen passenger and employee data. Part of the data leak threat is Daixin's disclaimer that it is not responsible for any negative consequences that transpire.
The airline firm has not published any comment or statement regarding the alleged ransomware attack. Our security researchers at iZOOlogic will follow this report and share updates as they become available.