
The Albany (N.Y.) International Airport paid a five-figure ransom to restore data access after getting hit with Sodinokibi Ransomware over Christmas through its managed service provider.
The attack came to light after Schenectady-based MSP LogicalNet reported its own management services network had been breached, the Albany County Airport Authority announced last week. From there, the ransomware virus spread to the airport authority’s servers and backup servers, according to the announcement.
The ransomware encrypted administrative files like budget spreadsheets, but no personal or financial traveler data was accessed, according to airport officials. The attack also didn’t affect operations at Albany International Airport, which the authority oversees, or Transportation Security Administration (TSA) or airline computers.
One of LogicalNet’s servers was compromised by hackers around 2 a.m. ET Dec. 25, and the ransomware virus was transmitted to the company’s clients, LogicalNet President and CEO Tush Nikollaj told The Daily Gazette in Schenectady, N.Y. Nikollaj didn’t respond to a request for comment from CRN.
A handful of LogicalNet’s clients got locked out in the same manner that the Albany County Airport Authority did, Nikollaj told The Daily Gazette, but most were able to recover by using their backup systems. The airport authority had a backup system, but it shared a drive with the main system, which Nikollaj said defeated the backup’s purpose and made both machines vulnerable to the same attack.
The ransomware at the Albany County Airport Authority was exacerbated by the age and configuration of the equipment there, Nikollaj told The Daily Gazette. The equipment was also co-managed by airport authority personnel, which Nikollaj said meant that LogicalNet served in an advisory role at times.
“While the attack vector for this incident came through our management system, the effects for the airport were different than many of our customers,” Nikollaj is quoted as saying in The Daily Gazette. “Some of the backup systems that failed to protect and preserve the airport data were selected and implemented before our relationship with the authority and without our recommendation.”
The Albany County Airport Authority terminated its contract with LogicalNet and is seeking to recover the $25,000 deductible it paid on its insurance policy from LogicalNet, The Times Union in Albany, N.Y., reported. The airport authority didn’t immediately respond to a request for comment from CRN.
The ransom was “under six figures” and paid in Bitcoin on Dec. 30, airport CEO Philip Calderone told The Times Union. The airport authority’s insurance carrier authorized payment of the bitcoin ransom, and reimbursed the airport for the portion of the ransom payment exceeding the deductible.
Two hours after the ransom was paid, an encryption key was received, and the airport authority was able to begin restoring its data.
The ransomware attack at the airport comes just nine months after the City of Albany’s IT systems were hit, with hackers demanding payment in cryptocurrency to recover the files they had encrypted. City officials promptly shut down the affected systems and didn’t have to worry about the hackers constantly changing ransom demands since the City of Albany had backups of its critical servers, officials said.