The Warlock ransomware group has allegedly added Indonesian air carrier Airfast Indonesia to its list of victims, according to a post on the threat actor’s data leak site. The group claims to have exfiltrated “all user data” and has started a countdown timer, suggesting the data will be publicly released if their demands are not met. This incident places Airfast Indonesia among a growing number of organizations targeted by the prolific ransomware gang.
Established in 1971 and based in Tangerang, Indonesia, Airfast Indonesia is a prominent air carrier specializing in contract operations, aviation management, and charter services for the oil, mining, and construction industries. The company plays a crucial role in providing specialized aviation services, including passenger and cargo transport, aerial mapping, and medical evacuations throughout Indonesia and the surrounding region. The potential leak of sensitive user and corporate data could pose a significant risk to the airline’s operations, its clients, and its employees.
The Warlock group is a relatively new but aggressive ransomware-as-a-service (RaaS) operation that has been observed exploiting vulnerabilities in internet-facing applications to infiltrate corporate networks. Like other modern ransomware gangs, Warlock employs a double-extortion tactic, not only encrypting their victims’ files but also stealing sensitive data and threatening to publish it to pressure victims into paying a ransom. The group has been linked to attacks on various sectors worldwide.
