lockbit2 attacks Ethiopian Airlines

Incident Date:

May 1, 2022

World map

Overview

Title

lockbit2 attacks Ethiopian Airlines

Victim

Ethiopian Airlines

Attacker

Lockbit2

Location

Le Grand-Saconnex, Switzerland

Le Grand-Saconnex, Switzerland

First Reported

May 1, 2022

Ethiopian Airlines Suffers Ransomware Attack by LockBit2

Ethiopian Airlines, a major player in the transportation sector, has reportedly been targeted by the ransomware group LockBit2. The attack was announced on the group's dark web leak site, with the victim's website being https://www.ethiopianairlines.com/. The airline operates in the transportation sector and is known for its significant presence in the industry.

Company Profile

Ethiopian Airlines is a significant player in the aviation industry, with a wide range of destinations and a large number of passengers. The company has been expanding its operations and has been recognized for its contributions to the transportation sector.

Vulnerabilities and Impact

The exact details of the attack and its impact on Ethiopian Airlines are not provided in the search results. However, it is mentioned that LockBit2 has claimed to have accessed credentials of the airline, which could have been used to expand their access into additional systems. The group has a history of posting names of companies they claim to have attacked on their own leak site, which could indicate a potential attempt to extort money from the company under false pretenses.

Previous Attacks

LockBit2 has been involved in several high-profile attacks, including one on Accenture, which was publicly revealed in August 2021. The group claimed to have collected sufficient data from the Accenture attack to breach some of their clients, including Ethiopian Airlines.

Mitigation Strategies

While the article does not provide specific mitigation strategies, it is generally recommended for organizations to prioritize patching vulnerabilities, implement multi-factor authentication, and regularly back up data to prevent the impact of ransomware attacks.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.