Over Christmas, the IT infrastructure of the Albany County Airport Authority in Albany, New York State, was attacked with the Sodinokibi ransomware, which encrypted the files on the authority's servers.
First reports from January 9, 2019 can be found on Times Union; I myself became aware of the cyber incident via the following tweet from Bleeping Computer.
— BleepingComputer (@BleepinComputer) January 10, 2020
Albany International Airport is the airport of the city of Albany, the capital of the US state of New York. With 64,160 aircraft movements in 2017, it is a rather small airport, which mainly serves routes in the USA. The Albany County Airport Authority is the responsible supervisory authority for the airport.
Infection over the Christmas holidays
Albany County Airport Authority officials announced on Thursday the ransomware infection of the authority’s servers. The ransomware infection came to light after Schenectady-based provider LogicalNet reported a virus infection of its own network management services. LogicalNet is a service provider offering data centre and cloud services. The New York State based company was the Managed Service Provider (MSP) for the Albany County Airport Authority’s IT systems.
According to LogicalNet officials, the virus spread via a maintenance server or its management functions to the Albany County Airport Authority's servers and backup servers and encrypted the files stored there. The attack, discovered at Christmas, encrypted files used for administrative purposes, such as budget spreadsheets. Since the backup servers were also compromised and their files encrypted, no copies could be restored. Bleeping Computer indicates that the Sodinokibi ransomware was at work.
They were lucky
According to media reports, the insurance company authorised the airport authority to pay the Bitcoin ransom. Less than 6 Bitcoins (that would be less than 43,500 euros) are said to have been paid by 30 December 2019. Two hours later, the IT managers received the decryption key, enabling the airport authority to recover its data.
The Albany County Airport Authority states that travellers' personal and financial data were not accessed, and that the attack did not affect operations at Albany International Airport, which is overseen by the Authority, nor the Transportation Security Administration (TSA) systems or the airlines' computers.
The Albany County Airport Authority alerted the FBI and New York State Cyber Command as soon as the attack was discovered and also engaged the services of ABS Solutions to assist in the investigation. Meanwhile, the Albany County Airport Authority has cancelled its contract with LogicalNet to provide security services for the airport’s system.