[BreachExchange] Bristol Airport hit by Windows ransomware

Destry Winant destry at riskbasedsecurity.com
Tue Sep 18 01:35:21 EDT 2018


https://www.itwire.com/security/84530-bristol-airport-hit-by-windows-ransomware.html

Windows ransomware hit the UK's Bristol Airport over three days
beginning on 13 September, causing the screens that display flight
information to fail.

Airport spokesman James Gore told the BBC that the screens were taken
out of service due to the ransomware attack.

Some screens had been restored to working order, he said, adding that
no ransom had been paid to get them working again.

"We believe there was an online attempt to target part of our
administrative systems and that required us to take a number of
applications offline as a precautionary measure, including the one
that provides our data for flight information screens," Gore said.

"That was done to contain the problem and avoid any further impact on
more critical systems."

Gore said the problem had taken longer than people expected to resolve
because the airport had taken what he called a cautious approach.

"Given the number of safety and security critical systems operating at
an airport, we wanted to make sure that the issue with the flight
information application that experienced the problem was absolutely
resolved before it was put back online," he added.

Issues appear to have surfaced on 13 September in the UK (14 September
in Australia), with the airport tweeting: "We are currently
experiencing technical problems with our flight information screens.

"Flights are unaffected and details of check-in desks, boarding gates,
and arrival/departure times will be made over the public address
system. Additional staff are on hand to assist passengers."

Similar tweets were issued on following days, with the airport finally
tweeting a picture of the departure display to show that the screens
were indeed working again.

Airport chief executive, Dave Lees, said on Facebook: “We are grateful
to passengers for the patience they have shown. We would also like to
thank colleagues, airlines and business partners whose hard work has
enabled flights to operate to schedule during this difficult time.”


More information about the BreachExchange mailing list