Ransomware victim disclosure
← All victimsEVAS Air Charters
listed as EVAS Group · Claimed by Blacklock · listed 1 year ago
Status timeline
- ListedMay 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Blacklock
- Status
- Data leaked
- Country
- Philippines
- Listed on leak site
- May 16, 2025
- Records
- 294 Employees
- Ransom demanded
- $12.5M
- Estimated revenue
- $12.5M
About the victim
AI dossier — public-source company profileEVAS Air Charters is a Canadian air charter company specializing in customized executive and business-class aircraft services. Operating across Atlantic Canada, the company serves corporate clients with tailored flight schedules and premium in-flight amenities.
- Industry
- Air Charter & Executive Aviation
- Employees
- 294
Attack summary
Severity: high — Confirmed data exfiltration from a commercial aviation company with 294 employees; exposure of corporate client records and operational data poses business and privacy risks. High ransom demand ($12.5M) and published disclosure indicate substantial data compromise.BlackLock claims to have exfiltrated data from EVAS Air Charters. The group has published the company's information and demands $12.5M ransom, indicating both encryption and data theft occurred.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate client records
- Flight schedules and operational data
- Business communications
- Employee information
What the group claims
Education · Canada · 294 Employees EVAS Air Charters provides a specially designed aircraft to meet the most thorough requirements of our corporate and business class travelers. Being part of our executive class, your requests for special details and preferences for your flight can always be taken care of in advance, while in-flight commissaries and quality service is always complimentary. In comparison to alternative air travel, EVAS Air Charters operates on a schedule that was created by you, for you. Revenue $12.5 Million
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

