LockBit 3.0 Ransomware Attack on TDT Aero: A Threat to Global Aviation Maintenance

Incident Date:

May 7, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on TDT Aero: A Threat to Global Aviation Maintenance

Victim

TDT Aviation Maintenance Tic. A.Ş.

Attacker

Lockbit3

Location

Antalya, Turkey

, Turkey

First Reported

May 7, 2024

Ransomware Attack on TDT Aero by LockBit 3.0

Victim Profile

A prominent aircraft line maintenance company based in Turkey, TDT Aero, was targeted by the LockBit 3.0 ransomware group. Established in 2007, TDT Aero has achieved significant growth and operates in 8 stations worldwide with 200 employees. They service 12 different airframe and 23 engine types for 42 airlines from 23 countries.

Company Overview

Known for its solution-oriented approach and aims to become a global leader in the maintenance and training fields of the aviation industry, TDT Aero provides quality support to customers, prioritizes safety and security, and offers cost-effective solutions. The company has also established the Telepathy Academy in 2017 to train qualified manpower for national and international aircraft line maintenance companies.

Vulnerabilities

As a prominent player in the global aviation maintenance market, TDT Aero's extensive operations and network make them an attractive target for threat actors like the LockBit 3.0 ransomware group. The company's valuable data and sensitive information could have been compromised, leading to potential financial and operational disruptions.

Ransomware Group Tactics

LockBit 3.0, also known as LockBit Black, is a highly sophisticated ransomware variant that encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The group operates under a Ransomware-as-a-Service (RaaS) model, actively recruiting affiliates to target businesses and critical infrastructure organizations globally.

LockBit May Attacks

This ransomware attack on TDT Aviation Maintenance Tic. A.Ş. is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges faced by law enforcement agencies in combating cybercrime effectively.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.