Bristol Airport Flight Display Screens Failed After Ransomware Incident (Sep 18, 2018)
Flight display screens at Bristol Airport were inoperable for three consecutive days following a ransomware attack that put the screens out of order. The airport resorted to manually writing down flight times, updates, and gate numbers on whiteboards and flip charts to maintain flight services. Flights were able to operate as normal, though the airport did request that travellers arrive to the airport earlier to allow extra time for checking in and the boarding process. The airport was able to contain the attack and restore the flight display screens. Security officials reported that no ransom was paid and the safety of the security systems remain unaffected during the cyber incident.
Recommendation: While infection method and ransomware family information has not been released, ransomware is often delivered via phishing emails. Educate your employees on the risks of opening attachments from unknown senders. Anti-spam and antivirus applications provided by trusted vendors should also be employed. While the initial attack vector in this specific incident was not disclosed, threat actors often employ the use of emails to begin these sorts of attack. Therefore, emails that are received from unknown senders should be carefully avoided, and attachments from such senders should not be opened. Furthermore, it is important to have a comprehensive and tested backup solution in place, in addition to a business continuity plan for the unfortunate case of ransomware infection.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.