Read at Theregister
Willis Lease Finance Corporation disclosed that it experienced a cybersecurity incident that led to data being posted on a ransomware group's leak blog. The company took immediate action to investigate and remediate the incident with the help of cybersecurity experts. It has not identified any unauthorized activity after a certain date and believes it has fully contained the incident. However, the scope of the breach and whether any data was stolen or compromised is still being determined. Law enforcement has been informed of the incident.
"The company has not identified any unauthorized activity after February 2, 2024 and, as of the date of this filing, believes it has fully contained the unauthorized activity."
The jet engine leasing company mentioned that it has developed workarounds to continue operating and serving customers while certain systems are offline. The specifics of these workarounds were not disclosed. The ransomware group, named Black Basta, claims to have stolen 910 GB of company data, including information related to customers, staff, HR, and non-disclosure agreements. The company has not explicitly mentioned "ransomware" in its disclosure, but the presence of passport scans on the ransomware group's website suggests that data may have been stolen.
There remains the possibility that ransomware isn't involved at all, but the passport scans sprawled across Black Basta's website suggest the investigation into whether data was stolen needn't drag on for too long.