Cleveland Airport Ransomware: How Did It Spread?


On April 29, 2019, the city of Cleveland confirmed that a computer attack involving ransomware had impacted the systems at Cleveland Hopkins International Airport. The attack caused the airport's flight and baggage display systems and email servers to malfunction, with screens going dark and emails inaccessible. While the city initially denied that ransomware was involved, it was later confirmed by the FBI, who were investigating the incident. The attack on Cleveland Airport's systems raises concerns about the increasing frequency and impact of cyberattacks on critical infrastructure and highlights the need for governments and businesses to enhance their cybersecurity measures.

Characteristics | Values
Date | 21 April 2019
Affected Systems | Flight and baggage displays, email
Cause | An airport employee clicked on a computer link
Type of Attack | Ransomware
Type of Malware | Not specified
Impact | Screens went dark, email systems down
Response | FBI investigation, temporary email system
Ransom Paid | No


Malware was discovered on the airport's computer servers

On April 21, 2019, malware was discovered on the computer servers of Cleveland Hopkins International Airport. The malware attack affected the systems that handled flight and baggage displays and email communications. As a result, the screens at the airport went dark, and the email systems were down. The city of Cleveland initially denied reports of a ransomware attack, claiming that only malware was found and that there was no hacking involved. However, during the investigation, it was confirmed that the malware included ransomware, which typically seeks a financial payment to unlock the affected systems.

The discovery of the malware caused technical issues at the airport, with the screens and emails being the only impacted areas. There were no reported security threats or disruptions to flight schedules. The display software was provided by a New Zealand firm, and the delay in restoring the systems was partly due to the holiday in New Zealand when the attack occurred.

The investigation into the malware attack was led by the FBI, with Agent Bryan P. Smith overseeing cybersecurity for the Cleveland Division. Smith stated that the malware likely entered the system when an airport employee clicked on a computer link. The FBI provided guidance to the airport staff on dealing with the incident and confirmed the presence of ransomware on the network.

While the city of Cleveland maintained that there was no hacking involved, experts debated the thin line between malware and hacking. The city also faced criticism for not providing full and accurate information about the scope of the computer intrusion during the incident. The ransomware attack on Cleveland Hopkins International Airport highlighted the increasing threat of cyberattacks targeting governments and businesses.


The ransomware infected portions of the airport's baggage and flight screens

On April 29, 2019, the FBI confirmed that a ransomware attack infected portions of Cleveland Hopkins International Airport's systems, including its baggage and flight screens, and email system. The attack caused the screens at the airport to go dark and the email systems to go down.

The ransomware attack on Cleveland Hopkins International Airport's baggage and flight screens was part of a larger computer intrusion that affected multiple systems within the airport. The malware entered the system when an airport employee clicked on a malicious computer link. This resulted in the encryption of files on the airport's computer servers, including those responsible for operating the flight and baggage display systems.

During the attack, the screens at the airport that typically displayed flight and baggage information went dark, causing technical issues and disruptions for passengers. The display software was provided by a New Zealand firm, and the resolution was delayed due to the firm's offices being closed for a holiday when the attack occurred.

The city of Cleveland and airport officials worked to resolve the issues, and the display systems were eventually restored to normal operation. The investigation into the ransomware attack was led by the FBI, and no ransom was paid to the attackers.


The FBI confirmed the presence of ransomware on the network

On April 29, 2019, the FBI confirmed the presence of ransomware on the network of Cleveland Hopkins International Airport. The ransomware attack was first detected on April 21, 2019, and affected the airport's computer servers, including systems that handled flight and baggage displays and email. As a result, the screens at the airport went dark, and the email systems were down for nearly a week.

During the initial stages of the attack, city officials downplayed the technical issues, claiming that only a small number of systems were impacted and that there were no effects on flights or safety and security operations. However, as the investigation progressed, the FBI's Cleveland Division confirmed that ransomware was indeed present on the network. Bryan P. Smith, the assistant special-agent-in-charge of the Cleveland office of the FBI, stated that the investigation was ongoing and that there were no safety issues at the airport.

The FBI provided guidance to the airport staff on managing the incident and had a dedicated team of cyber experts familiar with the malware affecting the Hopkins system. While the exact method of infection was not disclosed, Smith suggested that the malware likely entered the system when an airport employee clicked on a malicious computer link. This incident highlighted the vulnerability of critical infrastructure to ransomware attacks and the potential for significant disruption.

Despite the attack, airport officials maintained that no ransom was paid. They emphasized that there were no security threats and that the display and email issues were the only problems encountered during the incident. The city's chief of communications, Valarie McCall, faced criticism for allegedly misleading the media and not providing full updates throughout the week of technical difficulties. However, McCall refuted these claims, explaining that the display software provider, a New Zealand-based firm, was closed for a holiday during the attack, contributing to the delay in restoring the systems.


No ransom was paid, despite demands

On April 21, 2019, malware was discovered on several Cleveland Hopkins International Airport computing systems. The flight information display, baggage information display, and email systems were impacted. The city of Cleveland initially denied reports that ransomware was found on the computers, claiming that only malware was detected and that they were "not hacked and no ransom demands were made". However, on April 29, the city confirmed for the first time that the attack included ransomware, which seeks a financial payment to unlock affected systems.

Despite the ransomware attack, no ransom was paid. Airport director Robert Kennedy stated that there were no safety issues at the airport and that the FBI was notified and provided guidance to the staff. The city's chief of communications, Valarie McCall, denied that the city lied to the media about the ransomware. She emphasized that there were no security threats and that the only issues were with the display screens and emails. The city did not consider making any payments to the hackers.

The FBI's investigation into the attack is ongoing. Bryan Smith, assistant special-agent-in-charge of the Cleveland office of the FBI, stated that the malware likely entered the system when an airport employee clicked on a computer link. He noted that this incident is a good example of how anyone can be a victim of a cyberattack. The city of Cleveland has faced criticism for not providing full and accurate information about the scope of the computer intrusion during the week of the attack.

The city's chief information officer, Donald Phillips, acknowledged that the malware involved was a form of ransomware but maintained that they did not intend to mislead the public or the media. He stated that they were sharing what they knew at the time and that they never responded to the ransom demands, instead focusing on fixing the issue. The city of Cleveland has experienced technical outages and cyber attacks, causing havoc for the government and businesses. Security experts predict that instances of ransomware attacks will continue to rise, and the question to ask is "when will another attack be attempted?" rather than "how did this happen?".


The city of Cleveland denied reports of ransomware initially

On April 29, 2019, the city of Cleveland confirmed that a ransomware attack had infected portions of Cleveland Hopkins International Airport's systems, including baggage and flight screens and its email system. However, in the week leading up to this confirmation, the city had denied reports of ransomware, attributing the issues to "technical difficulties."

During this time, the screens at the airport went dark, and the email systems were down. City officials initially downplayed the issues, claiming that Cleveland Hopkins International Airport was experiencing technical issues that were only impacting a small number of systems. They maintained that all other systems were functioning normally and that there were no impacts on flights or safety and security operations.

The Director of Port Authority for the City of Cleveland, Robert Kennedy, stated that they had noticed anomalies on the screens on Sunday and immediately called in their IT group to investigate. Despite this early detection, the city did not acknowledge that malware had infected the system until Friday, nearly a week later.

Valarie McCall, the city's Chief of Communications, denied that they had lied to the media about the ransomware. She attributed the delays in providing information to the dynamic nature of the situation, stating that they had tried to clarify misinformation and dispel rumors. McCall emphasized that there were no security threats and that the only issues were with the display screens and emails.

Frequently asked questions

The Cleveland Hopkins International Airport was hit by a ransomware attack that spread through malware. The malware likely entered the system when an airport employee clicked on a computer link.

The ransomware affected the airport's baggage and flight screens and its email system. The screens went dark, and the email systems were down.

No, the city did not pay any ransom. While there were reports of ransom demands, the city officials maintained that they were not hacked and no demands were made.

The attack caused technical issues at the airport, with screens and emails being the only issues. There were no security threats or impacts on flight schedules. The regular email system was temporarily replaced, and a third-party vendor provided the display software, resulting in a week-long fix.
