Aircraft Lessor Hit with 1-Terabyte Hack from 'Slug' Group

AerCap confirmed a ransomware attack in a filing with the US Securities and Exchange Commission, stating that the firm was robbed of 1 terabyte of data by the "Slug" group.

The group has threatened to slowly trickle out releases of the data unless AerCap pays their ransom, setting a 2-week deadline to begin paying. The leak plans appear to have 5 gigabytes published after 3 days of non-payment, 30 gigs after a week, with the rest of the data published at the end of the 2-week term. No indication has been given of how much the ransom sits at.

Slug seemed like a small-timer at first, with only the AerCap caper to their hame,but things have a way of moving quickly in the ransomware space. Unlike the usual method of exploiting weaknesses and encrypting the data and systems of a target, Slug opted for a less invasive and hands-off method. They merely copied internal AerCap data without encrypting anything, allowing the firm to continue on with business as usual. (By ransomware standards, it's a courtesy, though the extortion angle mitigates the kindness quite a bit.) The only drive to enforce ransom payment is the fear of public disclosure of their internal documentation. The company hasn't been too noisy about the hack, and their tone so far appears nonplussed about the whole affair.

In their Form K-6 to the SEC, AerCap gave a brief overview of the event. "On January 17, 2024, we experienced a cybersecurity incident related to ransomware. We promptly took steps to investigate with the support of third-party cybersecurity experts and notified law enforcement. We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident. Our investigation into this incident, including the extent to which data may have been exfiltrated or otherwise impacted, remains ongoing."

FMI: www.aercap.com