Yesterday, ransomware group Rhysida added STELIA Aerospace North America Inc. to its data leak site, issuing a 27 bitcoin ($2.07 million) ransom demand for 10 TB of data. A ransom deadline of seven days was set before the data will be released.
In a statement to Comparitech, STELIA confirmed an attack on its North American systems had been detected. The full statement reads as follows:
“We confirm that Stelia North America (a subsidiary of Airbus Atlantic based in Nova Scotia) recently detected a cybersecurity incident and is currently investigating claims made online by a third party.
“Upon detection, we immediately activated our cyber defence protocols and took proactive measures, including isolating affected systems, to mitigate the threat.
“We can confirm this incident is strictly contained to the Stelia North America IT environment and does not impact the broader Airbus Atlantic network.
“We are conducting a comprehensive forensic investigation alongside leading external cybersecurity experts. The safety and security of our people, our operations, our data, and our partners remain our absolute priority.
“We are maintaining close coordination with relevant authorities and keeping our employees and customers informed as the situation evolves.
“To protect the integrity of the ongoing investigation, we cannot provide further details at this time. So we will not further comment on the identity of the perpetrators, their methods, or the specifics of their claims.”
As part of its proof pack, Rhysida uploaded various documents, including screenshots of identity documents, an employee benefit plan form, and several technical drawings. It also lists the customers STELIA works with, suggesting data was also stolen from these major partners, including Lockheed Martin, Northrop Grumman, Sikorsky, Leonardo, L3Harris, Airbus Atlantic, Boeing, Bombardier, De Havilland, ARDE, and MDA.
Who is Rhysida?
Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. Since then, we have logged 266 attacks via this group with 110 of these attacks being confirmed by the entity involved.
Across the confirmed attacks, nearly 6 million records have been breached and entities have been issued with an average ransom of just over $1.08 million. This makes the ransom demand on STELIA almost double the average.
This is the second confirmed attack this year so far. The other, a German tech company, Elabs AG, confirmed an attack in January 2026. Here, Rhysida issued a ransom demand of $392,000, which wasn’t paid.
Since it originated, Rhysida has claimed 22 attacks on Canadian organizations with six of these attacks being confirmed. As well as STELIA, these are:
- Delmar International Inc. – November 2024, $1.9 million ransom demand (unpaid)
- Montréal-Nord – November 2024, $979,000 ransom demand
- Pembina Trails School Division – December 2024, $1.6 million ransom demand
- JASCO Applied Sciences Ltd. – July 2025, $1.22 million ransom demand (unpaid)
- Collège Supérieur de Montréal – October 2025, $430,400 ransom demand
Ransomware attacks on Canadian organizations
This year, ransomware gangs have made 133 claims on Canadian organizations (across all sectors). Five of these attacks have been confirmed. The others are:
- Lakelands Public Health – January 2026, claimed by Lynx
- Ardene Holdings Inc. – January 2026, claimed by Akira
- CHOC FM 88.7 – February 2026, unknown hackers
- Westport Fuel Systems Inc. – March 2026, claimed by Embargo
As our recent Q1 ransomware roundup found, Canada was the second-most targeted country throughout the start of this year. The 101 attacks noted in Q1 of 2026 was a 14 percent decrease on Q4 of 2025’s figure (122), however.
Manufacturers, like STELIA, remain a key target in Canada, making up nearly 20 percent of the organizations targeted in ransomware attacks this year so far (26 out of the 133 claims). Ransomware attacks on manufacturers have the ability to disrupt key systems and manufacturing processes, causing vast amounts of downtime and delays.
About STELIA Aerospace North America Inc.
STELIA Aerospace North America Inc. is located in Lunenburg, Nova Scotia, Canada, and, as an aerospace and defence company, it specializes in the design, development, and manufacturing of composites. Its main markets are within North America and the Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States).
