{
	"id": "abf337c8-062a-4291-90a3-768305cf7f13",
	"created_at": "2026-04-06T00:09:02.442149Z",
	"updated_at": "2026-04-10T03:29:39.968707Z",
	"deleted_at": null,
	"sha1_hash": "318993c0fb99c280f882751f8dcb3105b1eead4f",
	"title": "Major airline technology provider Accelya attacked by ransomware group",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 76630,
	"plain_text": "Major airline technology provider Accelya attacked by\r\nransomware group\r\nBy Jonathan Greig\r\nPublished: 2023-01-11 · Archived: 2026-04-05 13:35:58 UTC\r\nA technology provider for many of the world’s largest airlines said it recently dealt with a ransomware attack\r\nimpacting some of its systems. \r\nAccelya – a technology firm providing services to Delta, British Airways, JetBlue, United, Virgin Atlantic,\r\nAmerican Airlines and many more – confirmed Tuesday that two of the security firms it hired to address the\r\nincident discovered that company data was posted on a ransomware leak site. \r\nThe AlphV/Black Cat ransomware group published data it allegedly stole from Accelya last Thursday. The group\r\nclaimed to have stolen emails, worker contracts and more.  \r\n— Dominic Alvieri (@AlvieriD) August 17, 2022\r\nA spokesperson for Accelya told The Record that the experts the company hired managed to “quarantine” the\r\nransomware before it could spread further throughout their system. \r\n“Our forensic investigators confirmed it was limited to a contained portion of our overall environment. We have\r\nno evidence to indicate that the malware could have moved laterally from our systems to our customers’\r\nenvironments,” the spokesperson said.  \r\nThey added that the company is going over the data published to the AlphV leak site last week and will notify any\r\ncustomers who had information exposed. \r\nAccelya provides passenger, cargo, and industry analytics platforms for airline retailing. The company has more\r\nthan 250 airlines that work with them across nine countries. \r\nThe airline industry has been a ripe target for ransomware groups in 2022. In May, SpiceJet Airline in India and a\r\nCanadian fighter jet supplier were both hit with ransomware attacks.\r\nAlphV/Black Cat continues to be one of the most prolific ransomware groups, with attacks over the last month on\r\nthe city government of Alexandria, Louisiana and several universities throughout the spring.\r\nThe group attacked two energy companies in Luxembourg and Japanese video game giant Bandai Namco last\r\nmonth \r\nAccording to several experts, AlphV/Black Cat is a rebrand of the prolific BlackMatter ransomware group, which\r\nitself was allegedly a rebrand of the DarkSide ransomware – a gang accused of launching the headline-grabbing\r\nattack on Colonial Pipeline. \r\nhttps://therecord.media/major-airline-technology-provider-accelya-attacked-by-ransomware-group/\r\nPage 1 of 3\n\nA representative of the group spoke to The Record in February, claiming that most of the major ransomware\r\ngroups are connected in one way or another. \r\n“Let’s just say: ‘We [have] borrowed their advantages and eliminated their disadvantages,’” the representative\r\nsaid, referring to Alphv’s relationship with other incarnations of the gang.\r\nAn FBI alert released in April said the law enforcement organization had tracked at least 60 ransomware attacks\r\nby the AlphV/Black Cat group as of March. \r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/major-airline-technology-provider-accelya-attacked-by-ransomware-group/\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/major-airline-technology-provider-accelya-attacked-by-ransomware-group/\r\nhttps://therecord.media/major-airline-technology-provider-accelya-attacked-by-ransomware-group/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/major-airline-technology-provider-accelya-attacked-by-ransomware-group/"
	],
	"report_names": [
		"major-airline-technology-provider-accelya-attacked-by-ransomware-group"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434142,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/318993c0fb99c280f882751f8dcb3105b1eead4f.pdf",
		"text": "https://archive.orkl.eu/318993c0fb99c280f882751f8dcb3105b1eead4f.txt",
		"img": "https://archive.orkl.eu/318993c0fb99c280f882751f8dcb3105b1eead4f.jpg"
	}
}