Earlier today, the Federal Aviation Administration (FAA) released an Information Note regarding Black Basta’s ransomware risk to critical aviation infrastructure and civil aviation operations.

The Information Note comes three months after the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory regarding the ransomware-as-a-service (RaaS) criminal group Black Basta. The advisory indicated that the group has successfully affected 12 of the 16 critical infrastructure sectors, including aviation. Researchers believe Black Basta and its affiliates have breached over 500 organizations since April 2022.

Black Basta’s activities around aviation cyber infrastructure have been well documented.

The most well-known (aviation-specific) case involved the group claiming to have stolen 910 GB worth of company data from Willis Lease Finance Corporation, a lessor and servicer of commercial aircraft and aircraft engines worldwide. Black Basta posted a sample of the stolen documents online, including screenshots of documents revealing the personally identifiable information of company staff across various levels and divisions. Customer information was also targeted, with several leasing agreements between the engine company and various major airlines being released by the group, providing evidence of the scale and depth of Black Basta’s penetration into Willis’ systems (The Register, February 2024).

CISA has published a lengthy advisory that includes recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help cyber professionals and their organizations protect against ransomware attacks. Click here for a PDF copy of that advisory.

Stay tuned to ARI’s News and Insights portals for more up-to-date intel on Black Basta and cyber security threats that are specifically targeting the aviation industry.