Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft

Loanbase admits massive loss of customer data to thieves, too

AerCap, the world's largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn't yet suffered any financial losses yet and all its systems are under control.

In a US Securities and Exchange Commission (SEC) filing on Monday, the aerospace giant said it had "experienced a cybersecurity incident related to ransomware" on January 17, the report explained:

We promptly took steps to investigate with the support of third-party cybersecurity experts and notified law enforcement. We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident. Our investigation into this incident, including the extent to which data may have been exfiltrated or otherwise impacted, remains ongoing.

A ransomware crew called Slug has claimed responsibility for the intrusion and listed AerCap as its first public target. According cyberattack analysts at Hackmanac, the criminals claim to have stolen 1TB of data belonging to AerCap.

"As of now, Slug's dark web portal remains bare, revealing no further information about the group," the security firm Xeeted.

AerCap did not respond to The Register's inquiries. The biz is headquartered in Dublin, and its biggest customer is American Airlines. 

Also on Monday, LoanDepot updated its Form 8-K filing with the SEC, and now says says crooks stole personal information belonging to millions of people in a ransomware attack earlier this month.

"Although its investigation is ongoing, the company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems," the mortgage lender noted.

LoanDepot said it has hired outside forensics and security experts to investigate the incident, and has made "significant progress in restoring our loan origination and loan servicing systems, including our MyloanDepot and Servicing customer portals."

LoanDepot disclosed the "cyber incident" in a January 8 SEC filing, noting the it took some IT systems offline due to the intrusion. And while it didn't call the attack ransomware directly, it did say that the incident included "encryption of data." ®

More about


Send us news

Other stories you might like