SecurityWeek

Christmas Ransomware Attack Hit New York Airport Servers

An upstate New York airport and its computer management provider were attacked by ransomware over Christmas, officials said.

Officials at the Albany County Airport Authority announced Thursday that the attack came to light after Schenectady-based LogicalNet reported its own management services network had been breached. From there, the virus spread to the authority’s servers and backup servers, encrypting files.

The attack, which was discovered Christmas Day, encrypted administrative files like budget spreadsheets, but no personal or financial traveler data was accessed, airport officials said. Nor did it affect operations at Albany International Airport, which the authority oversees, or Transportation Security Administration or airline computers.

The airport authority’s insurance carrier authorized payment of the bitcoin ransom, which officials would only say was “under six figures,” the Times Union reported. It was paid Dec. 30, and two hours later an encryption key was received, allowing the airport authority to restore its data.

The contract with LogicalNet, which the authority has since terminated, included providing security for the airport’s system, airport authority CEO Philip Calderone said.

LogicalNet did not respond to a request for comment from the Times Union.

The New York State Cyber Command and the FBI were notified of the attack, officials said, and assistance was enlisted from another computer systems contractor.

The same strain of ransomware, Sodinokibi, was used in an attack discovered on New Year’s Eve against London-based Travelex, a worldwide foreign exchange services provider.

Related: New Sodinokibi Ransomware Delivered via Oracle WebLogic Flaw

Related: Pulse Secure VPN Vulnerability Still Widely Exploited, CISA Warns
