# Ransomware hits helicopter maker Kopter **zdnet.com/article/ransomware-hits-helicopter-maker-kopter/** [Home Innovation Security](https://www.zdnet.com/) Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web. Written by Catalin Cimpanu, Contributor on Dec. 4, 2020 ----- kopter.jpg Image: Kopter [Helicopter maker Kopter has fallen victim to a ransomware attack after hackers breached its internal network and encrypted the company's](https://koptergroup.com/) files. After Kopter refused to engage with the hackers, the ransomware gang has published on Friday some of the company's files on the internet. **SEE:** **[Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)](https://www.techrepublic.com/resource-library/downloads/meet-the-hackers-who-earn-millions-for-saving-the-web-one-bug-at-a-time-cover-story-pdf/)** [Many ransomware groups upload and share victim data on special "leak sites" as part of their tactics to put pressure on the hacked companies](https://www.zdnet.com/article/heres-a-list-of-all-the-ransomware-gangs-who-will-steal-and-leak-your-data-if-you-dont-pay/) to either have them come to the negotiation table or force them into paying huge ransom demands. ## LockBit ransomware gang takes credit [The Kopter data has been published on a blog hosted on the dark web and operated by the LockBit ransomware gang. Files shared on this](https://malpedia.caad.fkie.fraunhofer.de/details/win.lockbit) site include business documents, internal projects, and various aerospace and defense industry standards. ----- kopter ransom page.png Image: ZDNet ----- kopter sample files.png Image: ZDNet In an email, the operators of the LockBit ransomware told ZDNet that they breached Kopter's network last week by exploiting a VPN appliance that used a weak password and did not have two-factor authentication (2FA) enabled. The LockBit gang also said they operate a web portal on the dark web where they show details to hacked companies about the attack, including a ransom demand. LockBit operators said someone from Kopter accessed the ransom page, but the company did not engage with them in a chat window provided to hacked companies. Kopter has not publicly disclosed a security breach on its website or via business wires. A Kopter spokesperson did not return an email seeking comment on the ransomware attack. Phone calls made on Friday also remained unanswered. The Switzerland-based company was founded in 2007 and is known for its line of small and medium-class civilian helicopters. [In January 2020 Italian aerospace and defense company Leonardo acquired Kopter for an undisclosed sum](https://www.leonardocompany.com/en/press-release-detail/-/detail/28-01-2020-leonardo-to-acquire-kopter-with-the-aim-of-extending-its-helicopter-market-leadership) ----- **g** **,** **p** -----