![]()
Aercap Holdings, the world's largest aircraft leasing company, notified the SEC on Monday that it experienced a ransomware attack, losing a terabyte of sensitive data to an unknown hacker. The company, based in Dublin, Ireland, said it has not suffered any financial loss related to the incident and the investigation into the extent to which data were infiltrated or impacted is ongoing.See the Form 6-K filed by Aercap here
Aercap filed a Form 6-K with the SEC Monday to notify them of the cybersecurity incident that took place on Jan. 17. A new ransomware group, known as Slug, has claimed responsibility for the attack, listing Aercap as its first public target. Cyberattack analysts in the group Hackmanac, which finds data published on the Dark Web and publishes information about the attack, posted an image from the reported group. The group planned to leak 5G of data within three days, 30G within a week and all within two weeks. Without an agreement, all the stolen data could be released. Hackmanac reported the ransom deadline as Jan. 29.
"On January 17, 2024, we experienced a cybersecurity incident related to ransomware," Aercap said in its Form 6-K to the SEC. "We promptly took steps to investigate with the support of third-party cybersecurity experts and notified law enforcement. We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident. Our investigation into this incident, including the extent to which data may have been exfiltrated or otherwise impacted, remains ongoing."
The company has a portfolio of over 1,700 aircraft, about 1,000 engines and over 300 helicopters. Customers include Emirates, Qantas, Aer Lingus, Lufthansa, Virgin Atlantic, LATAM Airlines Group, Air Canada, American Airlines, Pratt andamp; Whitney, United Airlines, Southwest and Delta Airlines. Despite the data breach, Aercap said it had control of its IT systems. The investigation is ongoing to determine what data was stolen and how many, if any, customers have been affected by the attack.
HackManac posted about the group on X (formerly Twitter), sharing that Slug's dark web portal remains bare, meaning it shares no additional information about the group. The logo on the dark web page is of a Glaucus Atlanticus, or blue sea dragon, and Hackmanac said this was a stock image.
According to Cyber News, the aviation sector was hit by multiple cyber attacks in 2023, including an attack on Aercap's customers Air Canada in September 2023 and Kenya Airways on Jan. 8. Boeing also suffered an attack in November 2023 and Japan Aviation Electronics, all by different ransomware groups. ThreatLabz, a Twitter account reporting threat intelligence and security research, said Slug was performing data extortion attacks only, with no file encryption. File encryption means encoding files, including sensitive data, to send them securely. Encoring prevents unauthorized access to data and malicious tampering. This has been described as a ransomware attack, which forces a business to pay or lose the stolen data, but data extortion involves threats to publicly release information. Aercap has described the incident as a ransomware attack. Currently, Aercap is the only known victim of the mysterious group Slug.