Bristol Airport Hit by Ransomware Blackout
Normal service was finally resumed at Bristol airport yesterday after two days of ransomware-related outages caused a blackout of flight information screens.
Staff were forced to hand-write regular updates on whiteboards to provide passengers with crucial information on flight arrival and departure details, while additional airport staff were deployed to help answer questions from anxious travelers.
A post on the airport’s official Twitter feed on Friday had the following:
“We are currently experiencing technical problems with our flight information screens. Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers.”
It urged passengers to arrive early “and allow extra time for check-in and boarding processes.”
Flight information was finally restored in arrivals and departures on Sunday.
Airport spokesman, James Gore, told the BBC that it had been hit by a “speculative” ransomware attack.
“We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens,” he said.
"That was done to contain the problem and avoid any further impact on more critical systems.”
The airport had not paid the ransom, Gore added.
The incident is another reminder of the continuing threat posed to organizations by ransomware, even at a time when the general trend appears to be of cyber-criminals favoring easier and more lucrative ways to make money, like crypto-jacking and BEC attacks.
A midyear report from Trend Micro recently claimed that ransomware detections grew just 3% from the second half of 2017 to the first six months of 2018, while the number of new ransomware families detected dropped 25%.
In contrast, the number of cryptocurrency mining detections jumped 141% over the same period.
Source: Information Security Magazine