Connect with us

Hi, what are you looking for?


Data Breaches

Willis Lease Finance Corp Discloses Cyberattack

Aircraft parts dealer Willis Lease Finance Corporation (WLFC) notified the SEC that it fell victim to a cyberattack.

Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has informed the US Securities and Exchange Commission that it fell victim to a cyberattack.

According to the SEC filing, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems.

“An investigation into the nature and scope of the incident was launched with the assistance of leading third-party cybersecurity experts and the company took steps to contain, assess and remediate the activity, including taking certain systems offline,” the company said in a Form 8-K filing.

According to WLFC, the incident was fully contained by February 2 and no unauthorized activity has since been detected. WLFC also noted that its investigation has yet to determine “what data has been exfiltrated or otherwise impacted” or “the complete nature, scope and impact” of the attack.

WLFC provides aircraft and engine services worldwide, lending aircraft, aircraft engines, and auxiliary power units to airlines, manufacturers, and maintenance, repair, and overhaul providers. The company says it is the first to lease jet engines to commercial operators.

While WLFC did not say what type of cyberattack it fell victim to, the Black Basta ransomware gang has claimed responsibility for the incident, adding the company to its Tor-based leak site.

The cybergang claims to have exfiltrated over 900 GB of data from WLFC, including sensitive company data, employee and customer information, shared folders, confidential documents, and more, threatening to release it all publicly within six days.

Active since at least April 2022, Black Basta has been responsible for more than 300 infections to date with ransom demands estimated in the range of $100 million as of November 2023.

Advertisement. Scroll to continue reading.

Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline

Related: US Offers $10M Reward for Hive Ransomware Gang

Related: Ransomware Payments Surpassed $1 Billion in 2023

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.