Cyber Incident Victim: Asteelflash
Date: Apr 2021
Location: France
Summary
Asteelflash, a prominent French electronics manufacturing services provider, was targeted in a cyberattack by the REvil ransomware group, which demanded an initial $12 million ransom that escalated to $24 million after a deadline expired. The attackers demonstrated unauthorized access by leaking a compressed file containing employee-authored documents as proof of data exfiltration, though encryption impact remains unconfirmed. The company acknowledged evaluating the incident but provided no further details on negotiations or system compromises, reflecting the gang's common tactic of pressuring victims through stolen data threats alongside file encryption.
Description
Asteelflash, a prominent French electronics manufacturing services company specializing in circuit board design and production, experienced a cyberattack by the REvil ransomware group (also known as Sodinokibi) around early April 2021. The ransomware gang established a Tor negotiation page accessible via a leaked ransomware sample, revealing their initial $12 million ransom demand, which doubled to $24 million after a specified deadline expired. Attackers provided evidence of data exfiltration by sharing a compressed file named 'asteelflash_data_part1.7z' containing stolen documents, with metadata confirming employee authorship of some files. This tactic aligned with REvil's established pattern of stealing data prior to encryption to pressure victims through threats of data exposure. The Tor page logs indicated stalled negotiations between the threat actors and Asteelflash, with no public disclosure of the company's response strategy.

BleepingComputer discovered the compromise through analysis of the REvil sample but could not verify whether file encryption succeeded on corporate systems. Asteelflash provided minimal official commentary, with one representative telling LeMagIT the incident remained under evaluation. Multiple outreach attempts by BleepingComputer received no response. The attackers' use of data theft as leverage reflected broader ransomware trends observed since 2020, where exfiltrated information supplemented encryption-based extortion. No technical details regarding attack vectors, compromised systems, or operational disruptions were disclosed publicly. The incident's resolution status remained unclear, with the ransom unpaid and no subsequent data leaks confirmed at the time of reporting.
