Switzerland’s aviation services enterprise Swissport International recently disclosed that a dedicated ransomware attack had impacted its specialist services and information technology infrastructure. As a result, delays were caused to scheduled flights connected to the company.
A perfect target for ransomware operators
Swissport International currently provides its numerous services to 310 different airports based in 50 individual countries. The companies complement of services for the aviation industry include cargo handling, cleaning, maintenance, security and airport lounge hospitality.
Each year, the service provider is responsible for handling approximately 4.8 million tons worth of cargo and around 282 million passengers. This makes Swissport an integral connection in the industry chain for international travel by air and a prime victim to be selected by notorious ransomware gangs.
Ransomware operators thrive on creating situations that create panic and disruption. Enterprises that are deeply connected into complex chains of important processes like key service providers make perfect targets. Unable to access their IT networks and perform their vital roles, companies struck by ransomware attacks can quickly discover the chaos they cause. In desperate attempts to restore their systems, many firms attacked are often convinced to give in to extortion demands and pay their attackers’ requested ransom.
Reacting to a ransomware attack
Swissport International took to social media platform Twitter to explain the issue. It noted in a company tweet that the cyberattack involving ransomware had to a great extent been contained. It added that its IT systems were being returned to normal status so that it would be able to deliver its usual services.
A spokesperson for one of Swissport International’s clients, Zurich Airport, informed the German media company Der Spiegel that the recent attack was launched early in the morning, and caused delays to 22 flights in total. The airport added that overall, the delays were mostly minor and ranged from 3 to 20 minutes in most cases.
Swissport International also made a statement to Der Spiegel, informing the media publication that the ground services it supplied for assorted airlines could still continue to operate even without support from the firm’s impacted IT system. However, it added that in some cases, delays would be an inevitability.
At present specific details regarding this cyberattack are scarce and as yet, the identity of the ransomware gang responsible for the incident remains unclear. Additionally, whether any company data was stolen and exfiltrated during the intrusion has not been confirmed. No ransomware gang to date has claimed ownership for the attack on Swissport International and data from the company has yet to appear on any known operator’s leak site.
The Swissport International incident comes on the heels of other enterprises being struck in Europe.. The logistics firm Oiltanking was recently hit by hackers disrupting fuel distribution throughout Germany, and major oil terminals based in Belgium experienced disruption to operations after a cyberattack. Despite the fact that international authorities and law enforcement agencies are attempting to crack down on ransomware operators, these recent attacks show many gangs are still active.