Top aircraft provider hit by ransomware, with 1TB data cache possibly stolen

One of the biggest aircraft leasing companies in the world has apparently suffered a ransomware attack that resulted in the theft of sensitive corporate data. 

AerCap appeared to confirm the news in a 6-K form filed with the U.S. Securities and Exchange Commission (SEC), in which it said it experienced a “cybersecurity incident related to ransomware” on January 17.

The company has been keen to play down the effect of the incident, noting, “We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident.”

Who is Slug?

The company is currently investigating the incident and looking to understand “the extent to which data may have been exfiltrated or otherwise impacted”. An expert third-party cybersecurity company was brought in to assist with the investigation, AerCap said, adding that law enforcement was notified of the breach.

While the company did not say who the attackers were or what they were after, the HackManac project claims to have found the culprit - a new entrant in the ransomware landscape called Slug, The Register discovered.

In an X post published earlier this week, HackManac said Slug pulled a terabyte of sensitive data from AerCap’s endpoints. “This data is threatened to be progressively released over a two-week period should an agreement not be reached,” the post reads.

Very little is known about Slug as a threat actor. Its website “remains bare”, HackManac said, leaving no further information about the group. Its logo is a picture of the blue sea dragon. 

The details about the stolen data also remain a mystery, as well as the group’s ransom demands. Given that AerCap seems to have restored its systems fully, it is highly unlikely the company will pay the attackers. 

Headquartered in Dublin, the company’s biggest customer is American Airlines, the media found.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.