Bristol International Airport vs Ransomware
Time and time again, Ransomware has proven to be the most damaging malware type in history. The WannaCry ransomware nets its authors an estimated $4 billion in profit last year from the ransom payments of the victims. This time around, the Bristol International Airport is in the headlines, as the new victim of ransomware, as its flight information screens fail to display flight departure and arrival for 48-hours. Apparently, the computers running those information screens were infected by Ransomware and had their data encrypted.
An official Twit has been made by Bristol Airport, to calm down the passengers:
Live flight information has now been restored to digital screens in key locations in the terminal. pic.twitter.com/pm4R0sZ4eX
— Bristol Airport (@BristolAirport) September 16, 2018
Seek for comment, Bristol’s spokesman explained the airport situation. “We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens. That was done to contain the problem and avoid any further impact on more critical systems. The indications are that this was a speculative attempt rather than a targeted attack on Bristol Airport,” explained James Gore, Bristol Airport’s spokesperson.
Passengers are frustrated, and let-off steam through their social media accounts. Some have demanded to return to the use of a whiteboard and a marker to display public flight data in the Bristol Airport, which the airport did in order for the flight information reaches the passengers. Manual Audio-system is also used extensively during the time of the outage, to enable smooth operation of the airport in the wake of the ransomware attack.
“No ransom to be paid for attackers to get back the system working again. The indications are that this was a speculative attempt rather than the targeted attack on Bristol Airport. At no point were any safety or security systems impacted or put at risk. (the solution took) longer than people might have expected to rectify due to a cautious approach. Given the number of safety and security critical systems operating at an airport, we wanted to make sure that the issue with the flight information application that experienced the problem was absolutely resolved before it was put back online,” concluded Gore.
As of this writing, all systems are back to normal and further investigations are currently being conducted. “We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible,” added Gore. Even with the incident, there was no reported incident of flight cancellations or delays, and the airport operated business-as-usual.
Cyber attacks against an International airport are not new, as back in March 2018, a preemptive shutdown of an internal Wi-Fi network at Hartsfield-Jackson Atlanta International Airport was done, as a precautionary measure of a ransomware attack against the Atlanta City’s government computers.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.