Swissport Ransomware Attack Delayed Flights

Airport services giant Swissport is restoring its IT systems after a ransomware attack struck late last week, delaying flights.

The Zurich-headquartered firm operates everything from check-in gates and airport security to baggage handling, aircraft fuelling and de-icing and lounge hospitality. It claims to have provided ground services to 97 million passengers last year and handled over five million tons of air freight.

Swissport took to Twitter on Friday to warn its IT infrastructure had been hit by ransomware and apologize for any impact on service delivery.

However, a day later, the firm appeared to have things back under control.

“IT security incident at #Swissport contained,” it tweeted. “Affected infrastructure swiftly taken offline. Manual workarounds or fallback systems secured operation at all times. Full system clean-up and restoration now under way. We apologize for any inconvenience.”

It’s unclear exactly how severely the outage impacted its many clients around the globe. However, one report from German media revealed it led to temporary delays at Zurich airport.

“Due to system problems at our airport partner Swissport, 22 flights were delayed by three to 20 minutes yesterday,” a spokeswoman for the airport is quoted as saying.

The attackers are believed to have struck early in the morning of Thursday February 3. By Friday, there was no significant impact on operations at Zurich airport.

Backup procedures reportedly kicked in during the outage so that there was no impact on aircraft crews. However, a Swissport spokesperson reportedly admitted: “there may be delays in some cases.”

The news follows a series of attacks and disruptions at European ports and oil terminals over the past week, impacting fuel supply chains at a time of rising prices and heightened concern over the possible knock-on effect of Russia invading Ukraine.

“Whether the surge in attacks is related to current geopolitical events is unknown,” said Andy Norton, European cyber-risk officer at Armis.

“However, providers of critical services should immediately review the adequacy of their risk assessments, with emphasis on the criticality of ancillary IT systems that have increased connectivity, and the potential to impact OT and ICS production and service delivery.”

What’s Hot on Infosecurity Magazine?