The Albany International Airport in New York state succumbed
to a Sodinokibi ransomware attack, and the authorities chose to pay a ransom to
the criminals to restore functionality to the vital systems.
The Sodinokibi attack on Christmas Day infected a number
of systems, including the backups and some Excel documents holding budget data.
Fortunately for the airport and its customers, no private data was affected,
such as credit card information.
Five days after the attack, the authorities chose to pay the ransom, which was reportedly under “six figures.” The files were decrypted and normal operations resumed, although airport officials said day-to-day operations had not been affected in the meantime.
The point of entry for the Sodinokibi ransomware was the maintenance servers owned by a company called Logical Net. The airport has since severed ties with Logical Net, but the company said everything that happened after the initial infection was the responsibility of the airport as well. According to a GovInfoSecurity report, the backup systems failed to protect the data.
Paying the ransom is usually the last resort for
companies and the public sector. Nowadays, organizations have cyber insurance
and backups, so ransomware attacks no longer have the same impact.
This is one reason we’re witnessing an evolution in the tactics used by some ransomware operators, especially those behind Sodinokibi and Maze. During an attack, the intruders may also steal data, which is later used for extortion or sold on the black market. The airport officials in Albany didn’t say whether that was the case here, but they wouldn’t be the first victims if so.
Lastly, it’s worth pointing out that Sodinokibi is offered as malware-as-a-service, which means different criminal groups can deploy it. The attack vectors might be the same, but the people behind any two attacks could differ.