AerCap ransomware attack latest to hit aviation sector

Global aviation leasing giant AerCap is hit by ransomware, making it the fourth company in the aviation industry to be targeted in the past six months.

Ireland's AerCap Holdings – considered one of the largest owners of commercial aircraft and aviation leasing providers in the world – filed a disclosure notice with the US Securities and Exchange Commission (SEC) on Monday.

“On January 17th, 2024, we experienced a cybersecurity incident related to ransomware,” the Dublin-based company stated in the SEC 6K form, specifically for private foreign companies.

“We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident,” the filing stated.

AerCap said it “promptly took steps” to launch an investigation, which included bringing in third-party cybersecurity experts and notifying law enforcement.

The company said “the extent to which data may have been exfiltrated or otherwise impacted” is unknown at this time and the investigation “remains ongoing.”

AerCap’s annual revenue was more than $7 billion in 2022 and 2023, a roughly 35% increase from 2021, according to the investment research platform Macrotrends.

The aviation sector has been hit with ransomware several times in 2023, including a September attack on Air Canada claimed by the BianLian ransomware group, the November attacks on aeronautics leader Boeing by the LockBit gang, and Japan Aviation Electronics by ALPHV/BlackCat.

Africa’s Kenya Airways also suffered a breach claimed by the Ransomexx group earlier this month, January 8th, 2024.

Air Canada and Kenya Airways happen to both be leasing customers of AerCap.

Dozens of other major carriers worldwide are serviced by the Irish lessor, including, Delta, United, British Airways, Lufthansa, Air France, Qatar, and Air Asia, to name just a few.

Cybernews has reached to AerCap for further information an is awaiting a response. So far no ransomware group has claimed responsibility for the attack.