Elit Avia allegedly targeted by ransomware gang, crew data leaked

Luxury aviation services provider Elit Avia has allegedly become the latest victim of the Qilin ransomware gang, which published details of the supposed breach on its dark web leak site. The European-based private jet company was listed among Qilin’s recent targets, accompanied by files and screenshots purportedly showing internal documents and aircrew information.

While the full extent of the breach remains uncertain, the data leak appears to focus primarily on Elit Avia’s flight crew. Screenshots included in the post display personal information such as passport details, raising concerns about potential security risks for affected employees. No client-related information—typically considered the most sensitive asset in the luxury aviation sector—was included in the leak, based on initial findings.

Cybernews researchers who reviewed the material concluded that, while the attack may not constitute a major data breach, the presence of leaked personal documents still poses a significant threat. With identifiable details such as passport photos in circulation, Elit Avia staff may face heightened risks of phishing attempts, identity theft, and other forms of fraud.

Founded in 2006, Elit Avia offers global aircraft management, private jet charter services, and aircraft sales and acquisition. The company operates a fleet of long-range business jets serving high-net-worth clients worldwide.

Qilin, the ransomware group claiming responsibility for the incident, has been active since 2022 and is known for targeting a wide range of organizations across sectors. The cartel has previously breached entities including the Houston Symphony, PBS Detroit, media conglomerate Lee Enterprises, and multinational SK Group. According to Cybernews’ dark web monitoring tool Ransomlooker, Qilin is among the most prolific ransomware groups currently operating, with at least 312 confirmed victims in the past year.

Elit Avia has yet to publicly respond to the alleged breach. In line with standard ransomware tactics, the appearance of the company’s name and data on Qilin’s leak site is likely intended to apply pressure during ransom negotiations.