One of the biggest aircraft leasing companies in the world has apparently suffered a ransomware attack that resulted in the theft of sensitive corporate data.
AerCap appeared to confirm the news in a 6K form filed with the U.S. Securities and Exchange Commission (SEC) in which it experienced a “cybersecurity incident related to ransomware” on January 17.
The company has keen to play down the effect of the incident, noting, “We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident.”
Who is Slug?
The company is currently investigating the incident and looking to understand “the extent to which data may have been exfiltrated or otherwise impacted”. An expert thirdparty cybersecurity company was brought in to assist with the investigation, AerCap said, adding that law enforcement was notified of the breach.
While the company did not say who the attackers were or what they were after, the HackManac project claims to have found the culprit a new entrant in the ransomware landscape called Slug, The Register discovered.
In an X post published earlier this week, HackManac said Slug pulled a terabyte of sensitive data from AerCap’s endpoints. “This data is threatened to be progressively released over a twoweek period should an agreement not be reached,” the post reads.
Very little is known about Slug as a threat actor. Its website “remains bare”, HackManac said, leaving no further information about the group. Its logo is a picture of the blue sea dragon.
Headquartered in Dublin, the company’s biggest customer is American Airlines, the media found.