Connect with us

Hi, what are you looking for?



Aviation Leasing Giant AerCap Hit by Ransomware Attack

AerCap, the largest aviation leasing company in the world, was hit by a ransomware attack on January 17th.

Aircraft leasing giant AerCap has confirmed falling victim to ransomware after an emerging cybercrime gang claimed responsibility for the attack.

The intrusion, the company said in a Form 6-K filing with the US Securities and Exchange Commission, occurred on January 17.

“We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident,” the lessor told the SEC.

AerCap also noted that it had notified law enforcement immediately after identifying the attack and that its investigation into the incident has yet to determine if any data was compromised or exfiltrated.

While the company shared no details on the attackers, an emerging ransomware group named ‘Slug’ has taken responsibility for the incident, listing AerCap on its leak site.

Slug claims to have stolen roughly one terabyte of data from the aircraft lessor, threatening to progressively leak the information unless a ransom is paid. Within two weeks, the group says, all the stolen data will be released publicly.

At the moment, Slug’s leak site only has AerCap listed as a victim.

Headquartered in Dublin, Ireland, AerCap Holdings is the largest aviation leasing company worldwide, with thousands of owned, on order, or managed aircraft, engines, and helicopters, serving more than 300 customers in 80 countries.

Advertisement. Scroll to continue reading.

One of the largest purchasers of aircraft and aircraft engines, the company has offices in Amsterdam, Dubai, London, Miami, Shanghai, Shannon, and Singapore, and representative offices in Seattle and Toulouse.

Related: Subway Sandwich Chain Investigating Ransomware Group’s Claims

Related: VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

Related: Ransomware Gang Claims Attack on Capital Health

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.