Cyber Incident Victim: Japan Airport Fueling Service
Date:
Jun 2021
Location:
Japan
Summary
Japan Airport Fueling Service experienced a ransomware attack that disrupted its internal network operations, with attackers demanding payment to decrypt compromised server data. The incident investigation found no evidence of data exfiltration, though specifics regarding the ransomware variant or potential data exposure were not disclosed. Despite the network disruption, the company confirmed that critical refueling operations and other business activities continued without impact throughout the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 21, 2021, Japan Airport Refueling Co. (JAFS), a provider of aircraft refueling services, experienced a ransomware attack that disrupted its internal network infrastructure in the early morning hours. The company detected the incident when its network systems failed, prompting an immediate investigation. Forensic analysis confirmed unauthorized access and encryption of server data by ransomware operators, who subsequently issued a decryption ransom demand to the organization. JAFS publicly acknowledged the cyberattack through a press release featured on its website homepage, which was later reported by Security NEXT. The company emphasized that critical refueling operations at airports remained fully functional throughout the incident, with no disruption to aircraft servicing or related business activities. No evidence indicated that threat actors exfiltrated sensitive data prior to encrypting systems, though the organization did not disclose whether customer, employee, or operational datasets were accessed during the breach. The ransomware variant involved in the attack was not identified in available disclosures.
JAFS maintained business continuity during containment and recovery efforts, implementing unspecified security measures to isolate affected systems while preserving refueling workflows. Technical specifics regarding the attack vector, duration of network compromise, and decryption methodology were not released to the public. The company's transparency focused primarily on operational impacts rather than forensic details, confirming the ransomware's confinement to internal servers without spillover effects on physical fueling infrastructure. Security NEXT's reporting highlighted the absence of data theft claims in the ransom demand, distinguishing the incident from double-extortion tactics commonly observed in contemporaneous ransomware campaigns. JAFS concluded its initial statement by reaffirming uninterrupted service delivery across all business functions despite ongoing remediation work. No further updates regarding financial losses, recovery timelines, or law enforcement involvement were documented in the primary source material.