Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has informed the US Securities and Exchange Commission that it fell victim to a cyberattack.
According to the SEC filing, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems.
“An investigation into the nature and scope of the incident was launched with the assistance of leading third-party cybersecurity experts and the company took steps to contain, assess and remediate the activity, including taking certain systems offline,” the company said in a Form 8-K filing.
According to WLFC, the incident was fully contained by February 2 and no unauthorized activity has since been detected. WLFC also noted that its investigation has yet to determine “what data has been exfiltrated or otherwise impacted” or “the complete nature, scope and impact” of the attack.
WLFC provides aircraft and engine services worldwide, lending aircraft, aircraft engines, and auxiliary power units to airlines, manufacturers, and maintenance, repair, and overhaul providers. The company says it is the first to lease jet engines to commercial operators.
While WLFC did not say what type of cyberattack it fell victim to, the Black Basta ransomware gang has claimed responsibility for the incident, adding the company to its Tor-based leak site.
The cybergang claims to have exfiltrated over 900 GB of data from WLFC, including sensitive company data, employee and customer information, shared folders, confidential documents, and more, threatening to release it all publicly within six days.
Active since at least April 2022, Black Basta has been responsible for more than 300 infections to date with ransom demands estimated in the range of $100 million as of November 2023.
Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline
