Albany County Airport Authority announced Friday that they were the subject of a Christmas Day cyber attack.
Airport spokesman, Doug Myers, said it impacted Authority administrative computer servers, but that it did not impact airport operations.
“Airport IT staff began a robust effort to contain any impact of the attack so that no Airport operations were effected. Subsequent analysis found that no TSA or airline computers had been breached and importantly, no personal or travelers’ information had been accessed. The safety and security of the traveling public was never impaired or in jeopardy,” said Myers.
Myers said, however, that the administrative information was locked up for about six days. The hackers demanded money in return. Myers only telling News10 that the amount was “less than 6 figures.”
Executive Vice President, Mike Stamas, of GreyCastle Security said he found it interesting that they actually went ahead and paid the ransom. “The stance with the FBI and the stance with GreyCastle is that whenever possible, don’t pay the ransom because it just perpetuates these types of attacks. I know sometimes you need to get back your sensitive data, you need access to those critical documents and maybe paying the ransom is the right move, but you’re feeding the beast so to speak,” said Stamas.
Myers said the Airport Authority does have cyber insurance, so they were only responsible for the $25,000 deductible. An amount he said they’ll be looking to have refunded to them by LogicalNet. That is the Schenectady-based Computer Management Provider who Myers said was responsible for keeping their system secure. “New York State Cyber Command advised the Authority to shut down all connections with LogicalNet,” said Myers. On Friday, Myers told News10, the Airport Authority had already severed ties with the company.
When News10 went to LogicalNet on Friday, President and CEO, Tush Nikollaj, said it was all news to him.
“We still have staff there. We’re actually fully engaged with them. They have not given us an official notice that we’re out,” said Nikollaj.
When asked if he would be upset if that did in fact turn out to be the case, Nikollaj said there’s no reason to be upset. “Now is not the time to run for the hills. Now is the time to collaborate and share and provide information from both sides because I think we can all learn something,” said Nikollaj.
He said the airport had some of their own IT staff as well, so the responsibility was shared.
LogicalNet is believed to be the direct target of the attack. “A crypto virus entered the Airport’s system through LogicalNet’s maintenance server and subsequently overcame the Airport’s anti-virus protection,” said Myers.
The crypto virus spread to a handful of LogicalNet’s clients, a few Nikollaj said were able to fully recover without ransom.
Nikollaj said, LogicalNet,along with other MSPs across the world are under probe 24/7. He said he’s been in business since 1994 and this was the first time they’ve been hit. He said overall he’s proud of how it was handled. “It could have had a much more devastating affect, but I think our response team did a pretty good job,” said Nikollaj.
Nikollaj said just as security has increasingly tightened over the years at airports in response to issues that have popped up, cyber security is always expanding in a race to keep up with criminals too.
Stamas said customers, like Albany International, who is sourcing a third party, like LogicalNet, must continuously assess the risks and make sure it’s worth it.
“I’m sure logical net was doing the right things or at least trying to do the right things from a cyber security perspective, but just one exploit that happens to be present on one specific day because of a change in technology can introduce a vulnerability to create an issue like that with their client,” said Stamas.
Stamas said the criminals are hacking into MSP’s because they likely have many clients and the malware can spread throughout. “They’re trying to generate revenue so going through a service provider and hitting multiple clients with one hit it makes sense from a criminal perspective,” said Stamas.
“The safety and security of the traveling public was never impaired or in jeopardy. The Authority, working with ABS is in the process of a system redesign that will prevent such an attack in the future. The recommendations under consideration may include the purchase of new equipment and software as well as additional Authority staff,” said Myers.