Cyber Incident Victim: E.M.I.T. Aviation Consulting
Date:
Oct 2021
Location:
Israel
Summary
LockBit 2.0 ransomware operators compromised an Israeli aerospace and defense firm specializing in aircraft and UAV systems, exfiltrating sensitive data and threatening public release unless ransom demands were met. The attackers, operating under a ransomware-as-a-service model, did not initially provide evidence of the stolen information, while the breach vector remained unidentified amid broader global targeting of multiple organizations by the prolific cybercriminal group.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around October 4, 2021, the LockBit 2.0 ransomware group publicly claimed responsibility for a cyberattack targeting E.M.I.T. Aviation Consulting Ltd, an Israeli aerospace and defense firm established in 1986. The attackers asserted they had exfiltrated sensitive company data and issued a ransom demand, threatening to release the stolen information on their dark web leak site if payment was not made by October 7, 2021. E.M.I.T., which designs and assembles complete aircraft, tactical and sub-tactical UAV systems, and mobile integrated reconnaissance systems, faced potential exposure of proprietary defense-related data. The ransomware operators did not initially provide evidence of the stolen data or disclose the specific breach method or intrusion timeline. LockBit 2.0 operated under a ransomware-as-a-service (RaaS) model, relying on affiliates to execute attacks while maintaining centralized infrastructure for extortion and data leaks. This incident followed LockBit’s June 2021 rebranding from its original 2019 operation, which included establishing an independent leak site after mainstream hacking forums banned ransomware advertisements.
The attack occurred amid heightened LockBit 2.0 activity globally, with the group listing multiple victims including Riviana, Wormington & Bollinger, and Anasia Group in the same period. The Australian Cyber Security Centre had previously warned in August 2021 about escalating LockBit 2.0 attacks targeting Australian organizations since July. While the full impact on E.M.I.T.’s operations remained unconfirmed, the compromise risked exposure of military-adjacent aerospace technologies and reconnaissance system designs. No information regarding E.M.I.T.’s incident response, ransom negotiation status, or data recovery processes was disclosed publicly. The absence of leaked files by the October 7 deadline suggested either private resolution between the parties or delayed publication by the threat actors, though subsequent developments were not documented in available sources. LockBit’s affiliate-driven model amplified the threat landscape for defense contractors, leveraging decentralized attack vectors while centralizing extortion pressures through coordinated leak threats.