O aeroporto de Bristol foi atingido por um ataque do tipo ransomware que causou problemas nos ecrãs de voo durante dois dias inteiros.
A notícia foi divulgada pela BBC e confirmada por um porta-voz do aeroporto que explicou que os ecrãs de ficaram off-line na sexta-feira em resposta a um ataque baseado em ransomware.
“Bristol Airport has blamed a cyber attack for causing flight display screens to fail for two days.” state the article published by the BBC.
“They are now working again at “key locations” including in departures and arrivals, and work is continuing to get the whole site back online.”
O plano de contigência foi o processo manual. Pessoal especializado do aeroposto para “mitigar” o problema no sistema derivado ao ataque informático usou quadros brancos e canetas com a informação dos voos, conta o porta voz.
Segundo o porta-voz, o aeroporto não pagou o resgate aos atacantes.
“We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens.” said airport spokesman James Gore.
“That was done to contain the problem and avoid any further impact on more critical systems.
Source BBC – Image copyright JULIEANNE MCMAHON Image caption A spokesman said whiteboards and marker pens had to be used in place of display screens.
Os especialistas não acreditam que tenha sido um ataque direcionado contra a infraestrutura da Bristol.
“The indications are that this was a speculative attempt rather than targeted attack on Bristol Airport.”
Nenhum voo foi afetado pelo problema, mas medidas de contingência e “processos manuais”, incluindo quadros e canetas, tiveram que ser usados no lugar dos ecrãs.
“At no point were any safety or security systems impacted or put at risk.”
“Given the number of safety and security critical systems operating at an airport, we wanted to make sure that the issue with the flight information application that experienced the problem was absolutely resolved before it was put back online.”
Aquando da escrita da notícia ainda não havia informação sobre qual a família do ransomware que afetou o aeroporto.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.