Cybersecurity Incident Strikes Aviation Industry

February 14, 2024

The aviation sector has once again found itself in the crosshairs of cybercriminal activities, with Willis Lease Finance Corporation, a stalwart in jet engine leasing, disclosing a significant cybersecurity breach. This incident marks a concerning development in the landscape of digital security within the aviation industry, shedding light on the vulnerabilities and the sophisticated nature of cyber threats faced by corporations today.

Summary of What Has Happened

Willis Lease Finance Corporation reported to the US Securities and Exchange Commission (SEC) that it had discovered unauthorized activity on its systems on January 31. The discovery was promptly followed by an intensive remediation effort, involving the shutdown of certain systems and collaboration with third-party cybersecurity experts. Despite these efforts, the Black Basta ransomware group claimed responsibility, claiming to have stolen 910 GB of sensitive data, including customer and staff information and HR documents.

Who is Black Basta?

Black Basta is a notorious cybercriminal group known for its sophisticated ransomware attacks targeting various industries, including but not limited to finance, healthcare, and now aviation. Little is known about the specific individuals or origins of the group, as they operate in clandestine networks, often utilizing advanced encryption techniques to conceal their identities and communications. They typically demand hefty ransom payments in exchange for decrypting stolen data or restoring compromised systems.

How Black Basta Attacks Work

Black Basta employs various tactics to infiltrate and compromise their targets’ networks. They often use spear-phishing emails containing malicious attachments or links, exploit software vulnerabilities, or deploy brute-force attacks to gain unauthorized access to systems. Once inside, they deploy their ransomware, encrypting critical files and demanding payment in exchange for decryption keys or the promise not to publish stolen data.

Signs of a Black Basta Attack

  • Unusual Network Activity: An increase in suspicious network traffic, particularly during off-peak hours, may indicate unauthorized access or data exfiltration.
  • Ransomware Messages: If employees receive ransomware messages demanding payment for data decryption, it’s a clear sign of a Black Basta attack.
  • Anomalous System Behavior: Unexpected system slowdowns, frequent crashes, or files suddenly becoming inaccessible could signify ransomware encryption in progress.
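
The first sign above, unusual off-peak traffic, can be turned into a simple check. The following is an added example, not part of the original article: it totals each host's outbound bytes to external addresses per night and flags a host whose latest night far exceeds its own earlier nights. The flow-record format, host names, the 22:00 to 06:00 window and the thresholds are all assumptions.

```python
import csv, io, ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed flow records (not real telemetry): time, source host, destination IP, bytes sent.
SAMPLE_FLOWS = """\
2024-01-27T23:10:00,fs01,203.0.113.10,40000000
2024-01-28T02:30:00,fs01,203.0.113.10,55000000
2024-01-29T01:15:00,fs01,203.0.113.10,48000000
2024-01-30T03:05:00,fs01,198.51.100.7,61000000000
2024-01-30T14:00:00,fs01,198.51.100.7,90000000000
2024-01-28T23:45:00,ws17,10.0.4.20,70000000000
2024-01-29T23:50:00,ws17,203.0.113.10,30000000
2024-01-30T23:55:00,ws17,203.0.113.10,35000000
"""
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OFF_PEAK_START, OFF_PEAK_END = 22, 6  # assumed quiet window: 22:00-05:59 local time

def nightly_egress(flow_csv):
    """Sum off-peak bytes sent to external addresses, per host and per night."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, host, dst, sent in csv.reader(io.StringIO(flow_csv)):
        when = datetime.fromisoformat(ts)
        if OFF_PEAK_END <= when.hour < OFF_PEAK_START:
            continue  # business hours are outside this check
        if any(ipaddress.ip_address(dst) in net for net in INTERNAL):
            continue  # internal transfers (e.g. backups) are not egress
        # Hours after midnight belong to the night that began the previous evening.
        night = (when - timedelta(hours=OFF_PEAK_END)).date()
        totals[host][night] += int(sent)
    return totals

def flag_hosts(flow_csv, factor=20, min_bytes=1_000_000_000):
    """Flag hosts whose latest night exceeds factor x the median of their earlier nights."""
    alerts = {}
    for host, nights in nightly_egress(flow_csv).items():
        days = sorted(nights)
        if len(days) < 2:
            continue  # no baseline to compare against yet
        baseline = median(nights[d] for d in days[:-1])
        latest = nights[days[-1]]
        if latest >= min_bytes and latest > factor * baseline:
            alerts[host] = (days[-1].isoformat(), latest, baseline)
    return alerts

if __name__ == "__main__":
    for host, (night, sent, base) in flag_hosts(SAMPLE_FLOWS).items():
        print(f"{host}: {sent:,} bytes off-peak, night of {night} (baseline {base:,.0f})")
```

In the sample, the large daytime transfer and the large internal transfer are both ignored; only the host with a sudden night-time spike to an external address is flagged.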

Who Has Been Affected

The breach potentially impacts a broad spectrum of Willis Lease’s stakeholders, from its employees, given the exposure of social security numbers and passport scans, to its extensive clientele, including major airlines worldwide. The leaked data encompasses NDAs, leasing agreements, and identity documents of staff across various countries, notably the US and UK, posing significant privacy and security risks.

How to Protect Yourself

  • Robust Endpoint Protection: Utilize advanced antivirus software and endpoint protection solutions to detect and block ransomware threats.
  • Regular Backups: Maintain regular backups of critical data and systems to ensure quick recovery in case of a ransomware attack.
  • Security Awareness Training: Educate employees about phishing tactics, the importance of verifying email sources, and how to recognize suspicious links and attachments.
  • Network Segmentation: Implement network segmentation to limit the spread of ransomware within the network and reduce the impact of a potential breach.
  • Patch Management: Keep all software and systems up to date with the latest security patches to address known vulnerabilities that ransomware may exploit.

By staying vigilant and implementing proactive security measures, organizations can significantly reduce the risk of falling victim to Black Basta and similar cybercriminal groups.


The cybersecurity incident faced by Willis Lease Finance Corporation underscores the ongoing challenges and threats in safeguarding digital assets within the aviation industry. It highlights the importance of vigilance, preparedness, and investment in cybersecurity measures to mitigate the risks of such breaches. As cybercriminals continue to evolve their tactics, the industry must stay one step ahead to protect the integrity of its operations and the privacy of its stakeholders.

