Major airline technology provider Accelya attacked by ransomware group

A technology provider for many of the world’s largest airlines said it recently dealt with a ransomware attack impacting some of its systems. 

Accelya – a technology firm providing services to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and many more – confirmed Tuesday that two of the security firms it hired to address the incident discovered that company data was posted on a ransomware leak site. 

The AlphV/Black Cat ransomware group published data it allegedly stole from Accelya last Thursday. The group claimed to have stolen emails, worker contracts and more.  

A spokesperson for Accelya told The Record that the experts the company hired managed to “quarantine” the ransomware before it could spread further throughout their system. 

“Our forensic investigators confirmed it was limited to a contained portion of our overall environment. We have no evidence to indicate that the malware could have moved laterally from our systems to our customers’ environments,” the spokesperson said.  

They added that the company is going over the data published to the AlphV leak site last week and will notify any customers who had information exposed. 

Accelya provides passenger, cargo, and industry analytics platforms for airline retailing. The company has more than 250 airlines that work with them across nine countries. 

The airline industry has been a ripe target for ransomware groups in 2022. In May, SpiceJet Airline in India and a Canadian fighter jet supplier were both hit with ransomware attacks.

AlphV/Black Cat continues to be one of the most prolific ransomware groups, with attacks over the last month on the city government of Alexandria, Louisiana and several universities throughout the spring.

The group attacked two energy companies in Luxembourg and Japanese video game giant Bandai Namco last month 

According to several experts, AlphV/Black Cat is a rebrand of the prolific BlackMatter ransomware group, which itself was allegedly a rebrand of the DarkSide ransomware – a gang accused of launching the headline-grabbing attack on Colonial Pipeline

A representative of the group spoke to The Record in February, claiming that most of the major ransomware groups are connected in one way or another. 

“Let’s just say: ‘We [have] borrowed their advantages and eliminated their disadvantages,’” the representative said, referring to Alphv’s relationship with other incarnations of the gang.

An FBI alert released in April said the law enforcement organization had tracked at least 60 ransomware attacks by the AlphV/Black Cat group as of March. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.