Albany Airport Pays Ransom After Its MSP Was Hit By Ransomware

The Albany (N.Y.) International Airport paid a five-figure ransom to restore data access after getting hit with Sodinokibi Ransomware over Christmas through its managed service provider.

The attack came to light after Schenectady-based MSP LogicalNet reported its own management services network had been breached, the Albany County Airport Authority announced last week. From there, the ransomware virus spread to the airport authority’s servers and backup servers, according to the announcement.

The ransomware encrypted administrative files like budget spreadsheets, but no personal or financial traveler data was accessed, according to airport officials. The attack also didn’t affect operations at Albany International Airport, which the authority oversees, or Transportation Security Administration (TSA) or airline computers.

[Related: Blue-Chip MSP Synoptek Hit By Ransomware, Paid Ransom To ‘Extortionists:’ Report]

One of LogicalNet’s servers was compromised by hackers around 2 a.m. ET Dec. 25, and the ransomware virus was transmitted to the company’s clients, LogicalNet President and CEO Tush Nikollaj told The Daily Gazette in Schenectady, N.Y. Nikollaj didn’t respond to a request for comment from CRN.

A handful of LogicalNet’s clients got locked out in the same manner that the Albany County Airport Authority did, Nikollaj told The Daily Gazette, but most were able to recover by using their backup systems. The airport authority had a backup system, but it shared a drive with the main system, which Nikollaj said defeated the backup’s purpose and made both machines vulnerable to the same attack.

The ransomware at the Albany County Airport Authority was exacerbated by the age and configuration of the equipment there, Nikollaj told The Daily Gazette. The equipment was also co-managed by airport authority personnel, which Nikollaj said meant that LogicalNet served in an advisory role at times

“While the attack vector for this incident came through our management system, the effects for the airport were different than many of our customers,” Nikollaj is quoted as saying in The Daily Gazette. “Some of the backup systems that failed to protect and preserve the airport data were selected and implemented before our relationship with the authority and without our recommendation.”

The Albany County Airport Authority terminated its contract with LogicalNet and is seeking to recover the $25,000 deductible it paid on its insurance policy from LogicalNet, The Times Union in Albany. N.Y. reported. The airport authority didn’t immediately respond to a request for comment from CRN.

The ransom was “under six figures” and paid in Bitcoin on Dec. 30, airport CEO Philip Calderone told The Times Union. The airport authority’s insurance carrier authorized payment of the bitcoin ransom, and reimbursed the airport for the portion of the ransom payment exceeding the deductible.

Two hours after the ransom was paid, an encryption key was received, and the airport authority was able to begin restoring its data.

The ransomware attack at the airport comes just nine months after the City of Albany’s IT systems were hit, with hackers demanding payment in cryptocurrency to recover the files they had encrypted. City officials promptly shut down the affected systems and didn’t have to worry about the hackers constantly changing ransom demands since the City of Albany had backups of its critical servers, officials said.