[Reading time: 17 seconds]

Another day, another ransomware attack.

This time: AerCap, the world’s largest aviation leasing company, which has its HQ is in Dublin.

According to SecurityWeek:

  • AerCap has stated in their filing to the SEC that ‘“We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident,”.
  • The cyber criminals claim to have stolen roughly 1TB of data from the aircraft lessor, threatening to progressively leak the information unless a ransom is paid within the next 2 weeks.

So what?

Firstly, if you know anyone working in AerCap who may be impacted by this incident, do what you can to help. It’s a stressful time for anyone involved.

Then consider the timeline between the discovery of the attack and the SEC filing.

  • The attack was discovered on January 17th (Wednesday).
  • The Form 6-K submitted by AerCap is dated January 22nd (Monday).

In other words, as well as needing to deal with the incident, AerCap also had to deal with the SEC’s filing deadline, which requires "registrants to disclose material cybersecurity incidents" within 4 days.

So what?

It’s a reminder that our incident response plans are not just about the technical steps to respond to, and recover from, an attack.

They also need to consider the legal / regulatory requirements.

And the media attention that may arise as a result.