A New York airport under ransomware virus attack

According to an ethical hacking firm, an airport in northern New York, along with its IT service provider, suffered a ransomware attack over the recent holidays, specifically on Christmas Day.

On Thursday, Albany County Airport officials acknowledged the incident, indicating that the attack was detected after LogicalNet, the airport’s IT services contractor, revealed that its management services network had been compromised. Subsequently, the encryption malware managed to spread and reach the airport administration servers, including backup servers.

According to ethical hacking experts, the ransomware managed to encrypt thousands of administrative files, such as spreadsheets with information about the budget of facilities, itineraries and personal information of both employees and users. However, the authorities state that the incident did not compromise the operations of the airport or the activities of the airlines providing services there.

The airport administration had an insurance policy against cybersecurity incidents, so the insurer authorized the payment of a ransom in Bitcoin to restore the compromised systems. Although airport officials did not specify the ransom amount, they mentioned that it was under six figures. The payment would have been sent to the hackers on December 30, and by early 2020 everything had returned to normal.

Philip Calderone, CEO of the Albany Airport Authority, mentions that the airport's contract with LogicalNet included the insurance policy in the event of an incident like this, which was very helpful in acting promptly. However, the airport executives decided to terminate the contract with this IT company; so far LogicalNet has not commented on this.

Although the incident has already been resolved and operations have returned to normal, ethical hacking experts mention that the investigation is still ongoing, so the FBI and the unit known as New York State Cyber Command will request the appearance of airport officials and the contracting company.

The International Institute of Cyber Security (IICS) was informed that the malware variant used in this attack is Sodinokibi, which had already been used in other similar incidents, such as that at the currency exchange company Travelex, which suffered an infection that forced the shutdown of its operations worldwide.
