Earlier this week, the ransomware group Rhysida, via its data leak site, claimed to have stolen 10 TB of data from Airbus Group subsidiary STELIA Aerospace North America. The group is threatening to release the data early next week if their 27-bitcoin ($2.07 million) ransom demand is not met.
STELIA specializes in the design, development and manufacturing of composites used for aerospace applications, including cabin interiors. At this point there has been no confirmation on whether the ransom has been paid.
In a statement to Comparitech, STELIA offered some details on the attack. “We confirm that Stelia North America (a subsidiary of Airbus Atlantic) recently detected a cybersecurity incident and is currently investigating claims made online by a third party.
“Upon detection, we immediately activated our cyber defense protocols and took proactive measures, including isolating affected systems, to mitigate the threat. We can confirm this incident is strictly contained to the Stelia North America IT environment and does not impact the broader Airbus Atlantic network.
“We are maintaining close coordination with relevant authorities and keeping our employees and customers informed as the situation evolves."
To validate their data theft claims, Rhysida uploaded various examples of their haul, including screenshots of identity documents, an employee benefit plan form, and several technical drawings.
The group also listed names of STELIA customers, suggesting that data was also stolen from Lockheed Martin, Northrop Grumman, Sikorsky, Leonardo, L3Harris, Airbus Atlantic, Boeing, Bombardier, De Havilland, ARDE, and MDA.
Who is Rhysida?
Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. Comparitech states that that the group has stolen nearly six million records and entities have been issued with an average ransom of just over $1M.
This is the second confirmed attack this year so far. The other, a German tech company, Elabs AG, confirmed an attack in January 2026. Here, Rhysida issued a ransom demand of $392,000, which wasn’t paid. Manufacturers remain a key target in Canada, making up nearly 20 percent of the organizations targeted in ransomware attacks this year.
Special thanks to Comparitech and researcher Rebecca Moody for their contributions to this report.
