A New York airport under ransomware attack

According to an ethical hacking firm, an airport in northern New York, along with its IT service provider, suffered a ransomware attack over the recent holidays, specifically on Christmas Day.

On Thursday, Albany County Airport officials acknowledged the incident, indicating that the attack was detected after LogicalNet, the airport’s IT services contractor, revealed that its management services network had been compromised. Subsequently, the encryption malware managed to spread and reach the airport administration servers, including backup servers.

According to ethical hacking experts, the ransomware managed to encrypt thousands of administrative files, such as spreadsheets with information about the budget of facilities, itineraries and personal information of both employees and users. However, the authorities state that the incident did not compromise the operations of the airport or the activities of the airlines providing services there.

The airport administration had an insurance policy against cybersecurity incidents, so the insurer authorized the payment of a ransom in Bitcoin to restore the compromised systems. Although airport officials did not specify the ransom amount, they mentioned that it was under six figures. The payment was reportedly sent to the hackers on December 30; by early 2020 everything had returned to normal.

Philip Calderone, CEO of the Albany Airport Authority, mentions that the airport's contract with LogicalNet included the insurance policy for an incident like this, which was very helpful in acting promptly. However, the airport executives decided to terminate the contract with this IT company; so far LogicalNet has not commented on this.

Although the incident has already been resolved and operations have returned to normal, ethical hacking experts mention that the investigation is still ongoing, so the FBI and the unit known as New York State Cyber Command will request the appearance of airport officials and the contracting company.

The International Institute of Cyber Security (IICS) was informed that the malware variant used in this attack is Sodinokibi, which had already been used in other similar incidents, such as that at the currency exchange company Travelex, which suffered an infection that forced the shutdown of its operations worldwide.