GandCrab’s replacement, Sodinokibi, has been in the news a lot recently. The evil (or REvil) ransomware has hit numerous high-profile targets. And now, the latest Sodinokibi attack has affected systems of New York Airport.
Sodinokibi Attack On New York Airport
Reportedly, the Albany County Airport Authority has disclosed a cyberattack on their systems. The New York Airport systems fell prey to a Sodinokibi attack.
According to WNYT-TV, the security incident happened at the Albany International Airport on Christmas Day. The malware infection affected numerous administrative servers of the airport. Fortunately, though, it did not affect routine operations.
The airport systems were infected with the virus through LogicalNet, their computer management service provider. From the infected server, the ransomware then spread across the entire network, affecting all systems. In addition, the ransomware also infected their backup, leaving them with no option for recovering lost data.
They gave assurances that the security incident did not affect any airline computers. Nor did it impact the travellers’ personal information in any way.
Albany Airport Paid The Ransom
Upon detecting the ransomware infection, the Airport Authority notified New York State Cyber Command and the FBI about the incident. Furthermore, they also sought help from the computer service ABS Solution.
Despite these measures, the Airport authorities could not access their data. Eventually, they had to pay the ransom to the attackers.
According to Doug Myers, an airport spokesperson, they finally managed to access their data four hours after paying the ransom.
“We are back to normal… We have all our files. We’re relying now on the FBI and the state of New York to investigate.”
However, he did not specify the exact ransom amount demanded by the attackers. He mentioned it to be under six figures. Fortunately, they had cybersecurity insurance.
“We have cyber insurance that covers us. We have a $25,000 deductible.”
The Airport authorities further revealed that they had “severed” their collaboration with LogicalNet following the attack.