Hackers say they stole data from a Quebec company that has racked up hundreds of millions of dollars in contracts to train pilots for Canadian, American and allied forces. They threaten to publish them on May 15 on the dark web.
The Lockbit 2.0 hacker gang claims on its blog that it has stolen 44 gigabytes of information belonging to Top Aces and is threatening to release it on the evening of May 15.
Top Aces multiplies combat training contracts with the Canadian, American and German armies.
The Dorval company says, however, that it is still looking for traces of the intrusion. “We do business with an outside firm that helps us with that,” spokeswoman Erin Black said.
Its American subsidiary has filed a complaint with the FBI, according to our information.
Erin Black clarifies that the company has not found any ransom demand. Lockbit is a ransomware hacking gang, which usually encrypts its target’s data after stealing it. At the same time, he files a payment request on the affected server to restore access to the information.
Top Aces, founded in 2000 by former military pilots, offers combat training services. The company says it has the largest private fleet of fighter jets.
In 2019, the US Air Force awarded Top Aces part of a $6.4 billion contract to train its pilots in combat at 12 bases. For these exercises, which include mock operations against the Russian military, the company purchased a fleet of 29 used F-16 aircraft from Israel.
In 2017, Top Aces also landed a $480 million contract with Canadian National Defense for combat training services. The renewable contract could reach a total value of 1.4 billion by 2031.
The Caisse de depot et placement du Québec is a major shareholder in the company. In its latest annual report, its private placement in the holding company that owns Top Aces is valued at between 50 and 100 million.
The Canadian Forces are unable to determine the effect the cyberattack might have on the security of their data and operations.
“We are not sure if there is an impact and if the leak contains information that belongs to us,” said Army spokesman Daniel Le Bouthillier. We check with our IT people. »
He believes that little sensitive information is likely to have been leaked by Top Aces.
In a statement last February, LockBit hackers explained that “most” of its members are citizens of former USSR countries, “like Russians and Ukrainians.” The gang added, however, that its programmers also come from China, the United States, Canada and Switzerland.
Consulted by La Presse, a cybersecurity expert thinks the hack probably has nothing to do with the war in Ukraine.
“There is no reason to believe LockBit attacks are motivated by anything other than money,” said Brett Callow, cyber threat analyst for antivirus firm Emsisoft. This does not mean that the stolen data will not end up in the hands of other actors, possibly including hostile governments. »
In February, LockBit said it was “apolitical” and said it would “under no circumstances” engage in attacks on critical infrastructure or international conflicts.
The gang, active since mid-2019, is now one of the most active in the world. According to the page of his blog in the hidden web visited by La Presse, however, he counts few large organizations among his victims.
Like most hacker groups, ransomware developers deal with “affiliates” who use their program to infiltrate their targets’ networks, steal their data, and encrypt it. Then they demand a ransom to give them back access.
Security measures sometimes manage to block cybercriminals before the data is destroyed, without having been able to prevent theft. In such cases, the victims are unaware of the leak, until the ransomers publicize their wrongdoing, as they have just done on their blog.