lockbit2 attacks Topaces

Incident Date:

May 10, 2022

World map



lockbit2 attacks Topaces






Dorval, Canada

Quebec, Canada

First Reported

May 10, 2022

Analysis of the Ransomware Attack on Top Aces

Overview of Top Aces

Top Aces, a premier provider of advanced adversary air (ADAIR) and joint terminal attack controller (JTAC) technology and training, serves the world's elite armed forces. The company specializes in mission-critical training that bolsters the operational readiness of combat forces, offering cost-effective solutions and prolonging the service life of military aircraft fleets. Its services feature 4th Generation maneuverability, a wide range of air-to-air weapons and sensors, all-weather capabilities, and aircraft that are light weight and capable of withstanding 9 Gs. Training programs cover JTAC, adversary support, anti-shipping attack training, and electronic warfare.

Founded in 2000 by a cadre of former fighter pilots, Top Aces boasts the "largest worldwide footprint of privately-held operational fighter aircraft," serving the Canadian, German, Israeli, and U.S. armed forces. Despite its prominence in the defense sector, specific details regarding the company's size remain undisclosed.

The Lockbit2 Ransomware Attack

The ransomware group Lockbit2 has targeted Top Aces, marking a significant cybersecurity incident within the Government sector. Top Aces has acknowledged the attack and is in the process of conducting a thorough investigation.

Lockbit2, known for its aggressive ransomware campaigns, has claimed responsibility for compromising hundreds of organizations in the past year alone, targeting at least 650 entities to date. The group has threatened to release 44GB of data stolen from Top Aces unless their demands are met by May 15. The specific vulnerabilities exploited in the attack on Top Aces have not been disclosed.

This incident underscores the persistent threat posed by ransomware groups like Lockbit2 to critical defense infrastructure and the importance of robust cybersecurity measures to protect sensitive data and maintain operational readiness.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.