Swissport ransomware attack delays flights, disrupts operations

Swissport aviation services provider hit by ransomware attack

Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays.

The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries.

It handles 282 million passengers and 4.8 million tons of cargo every year, making it a a vital link in the global aviation travel industry chain.

A tweet from the company today notes that the attack has been largely contained and systems are being restored to bring services back to normal.

tweet

At the time of writing, loading Swissport’s website returns an error, indicating that the firm’s IT team is still dealing with problems resulting from the ransomware attack.

Swissport website
Swissport website
Image: BleepingComputer

A spokesperson of the Zurich Airport, one of Swissport’s clients, told Der Spiegel that the cyberattack occurred at 6AM on Thursday and caused minor delays for 22 flight yesterday, between three and 20 minutes.

Swissport told the publication that ground services for airlines could continue even without IT system support, although delays are inevitable in some cases.

Details about this attack are scarce at the moment and it is unclear which ransomware gang is responsible or whether they stole company data during the intrusion.

As of now, no ransomware groups has claimed the attack against Swissport or on their leak sites.

The incident follows another one affecting a European company this week.  Three days ago, hackers launched an attack against Oiltanking, which disrupted fuel distribution across Germany.

Yesterday, a major oil terminals in Belgium experienced operational disruption caused by a cyberattack, which is currently under investigation from the country’s authorities.

Although none of these incidents appears to have caused severe damage, they serve as a reminder that ransomware groups are still highly active, despite the recent arrests from law enforcement [1, 2, 3].