The European Union’s cybersecurity agency has said that criminals are using ransomware to wreak havoc at airports and are expecting payment to restore operations, the BBC reports.
Several major European airports are still struggling to restore normal operations after a cyberattack on the 19th of September rendered check-in and boarding systems unusable. The EU cybersecurity agency ENISA told the BBC on the 22nd of September that malware was used to disrupt automated check-in systems. ENISA said law enforcement agencies were also involved in the investigation.
It is not known who is responsible for the cyberattack, but criminal groups often use ransomware to disrupt victims’ systems and then demand a ransom. The BBC has seen internal crisis communications from Heathrow staff, which ask airlines to manually check in passengers and board while systems are restored.
The BBC understands that around half of the airlines using Heathrow have resumed using their systems since Sunday, the 21st of September, including British Airways, which has been using a backup system since the 21st of September.
The attack on US software developer Collins Aerospace was detected on the night of the 19th of September
and caused disruption at several airports on the 20th of September. Although the situation had improved in Berlin and Heathrow by the 21st of September, flights were still delayed or cancelled. Brussels Airport was also affected, and said it was working actively to resolve the problem, but it was still unclear when the disruption would be fully resolved. Brussels has cancelled 140 of the 276 flights scheduled for the 22nd of September.
A spokesman for Berlin Airport told the BBC that some airlines were still checking in passengers manually and it was not known when the electronic systems would be restored.
It is known that cybercriminals have attacked the popular flight check-in system Muse. Collins Aerospace has not explained what exactly happened or how long it will take to resolve the issue. The company is referring to the incident as a “cyber incident.” On the morning of the 22nd of September, the software developer said it was taking the final steps to update the software. A message sent to Heathrow Airport staff said that several thousand computers were corrupted and that most of the recovery work would have to be done on site, not remotely. Collins Aerospace said it had updated the system, but when it was launched it was found that the criminals still had access to it. The company did not comment on the message sent to the airport.
Read also: Aeroflot suffers IT problems; hacker group claims responsibility
The post EU cybersecurity experts: Ransomware used at airports appeared first on Baltic News Network.
