Bristol Airport in the UK suffered widespread outages for the past two days after being hit by a ransomware attack on Friday.
The airport has announced that normal services have resumed, but for two days airport staff were forced to physically write flight updates on whiteboards to provide travelers with essential information on flight arrivals and departures.
Fortunately, no flights were impacted by the ransomware attack. However, airport staff were forced to announce check-in desks, boarding gates, and arrival/departure times over the public address system, and additional staff members were on hand to assist confused travelers.
Airport spokesman James Gore said the airport had been hit by a “speculative” ransomware attack. “We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens,” Gore told the BBC.
People took to social media to complain about delays at the UK’s ninth busiest airport, but Gore blamed the extended downtime on a “cautious approach” to contain the issue and to rebuild infected IT systems to avoid any further damage to more critical operating systems. Gore also said that “at no point were any safety or security systems impacted or put at risk.”
No specific ransomware variant has been named in connection with the attack, and no ransom payment was made to hackers as a result of the attack.
This attack is an unsettling reminder of the real mess a ransomware infection can make of an entire organization. A study from Trend Micro recently found that the number of ransomware families declined by 26% in this year's first half compared to the second half of last year. Even so, organizations must have protective measures in place to defend against an attack.
The best approach to protecting against harmful ransomware is to harden the user workstation environment, preventing malware activity where possible and at least putting more obstacles in the way where it is not. NNT, in conjunction with The Center for Internet Security (CIS), provides a comprehensive suite of system hardening templates based on security best practices. These templates can be leveraged to ensure that all of your systems retain the most appropriate checks designed to harden your environment and protect against ransomware.
Interested in learning what the recommended hardened services settings are for PCI, NERC CIP, NIST, and other compliance standards? Access our Hardened Services List resource section here to learn more.
Read the article on InfoSecurity Magazine