Cyber Incident Victim: ASCO
Date:
Jun 2019
Location:
Belgium
Summary
A ransomware attack severely disrupted operations at a major aerospace component manufacturer supplying leading aviation firms, forcing production shutdowns across multiple international facilities. The incident led to approximately 1,000 employees being placed on paid leave due to crippled IT systems, with plants in Belgium initially affected before precautionary closures expanded to Germany, Canada, and the US. External experts were engaged to investigate while authorities were notified, though no data theft was confirmed despite the company's sensitive defense-sector connections. Operations remained suspended for over a week as restoration efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A ransomware attack significantly disrupted operations at ASCO, one of the world’s largest aerospace component manufacturers, beginning on or around June 7, 2019. The company, which supplies critical parts to major aerospace firms including Airbus, Boeing, Bombardier Aerospace, and Lockheed Martin, experienced widespread production paralysis across its global facilities in Belgium, Canada, Germany, the United States, Brazil, and France. The initial infection targeted the Zaventem plant in Belgium, prompting ASCO to proactively shut down operations at additional plants in Germany, Canada, and the US as a precautionary measure. The ransomware’s impact on IT systems forced the company to send home approximately 1,000 of its 1,400 employees—nearly 70% of its workforce—for an entire week with paid leave. Production remained halted for at least one week as internal damage assessments continued, though the full scope of system compromises was not publicly disclosed at the time. Media reports indicated uncertainty regarding whether ASCO would pay the ransom to expedite system recovery or rely on backup restoration.
ASCO immediately engaged third-party cybersecurity experts to investigate the incident and reported the attack to local law enforcement, filing an official police complaint. Human Resources Director Vicky Welvaert confirmed the company had notified all competent authorities about the cyberattack but declined to specify whether operations were under control or provide timelines for resuming normal activities. While ASCO acknowledged the severity of the situation, company representatives told The Brussels Times there was no evidence of data exfiltration or theft of sensitive information. This statement occurred despite industry observers noting ASCO’s status as a potential espionage target due to its defense sector connections. The incident underscored operational vulnerabilities in critical manufacturing supply chains, with production stoppages potentially affecting multiple aerospace clients. No ransomware variant or specific attacker attribution was disclosed in available reports.