Christmas Ransomware Attack Hit New York Airport Servers

An upstate New York airport and its computer management provider were attacked by ransomware over Christmas, officials said.

Officials at the Albany County Airport Authority announced Thursday that the attack came to light after Schenectady-based LogicalNet reported its own management services network had been breached. From there, the virus spread to the authority’s servers and backup servers, encrypting files.

The attack, which was discovered Christmas Day, encrypted administrative files like budget spreadsheets, but no personal or financial traveler data was accessed, airport officials said, nor did it affect operations at Albany International Airport, which the authority oversees, or Transportation Security Administration or airline computers.

The airport authority’s insurance carrier authorized payment of the bitcoin ransom, which officials would say only was “under six figures,” the Times Union reported. It was paid Dec. 30, and two hours later an encryption key was received, allowing the airport authority to restore its data.

The contract with LogicalNet, which the authority has since terminated, included providing security for the airport’s system, airport authority CEO Philip Calderone said.

LogicalNet did not respond to request for comment from the Times Union.

The New York State Cyber Command and the FBI were notified of the attack, officials said, and assistance was enlisted from another computer systems contractor.

The same strain of ransomware, Sodinokibi, was used in an attack discovered on New Year’s Eve against London-based Travelex, a worldwide foreign exchange services provider.

Related: New Sodinokibi Ransomware Delivered via Oracle WebLogic Flaw

Related: Pulse Secure VPN Vulnerability Still Widely Exploited, CISA Warns