Ransomware attack hit Swissport International causing delays in flights

Aviation services company Swissport International was hit by a ransomware attack that impacted its operations.

Swissport International Ltd. is an aviation services company providing airport ground,lounge hospitality and cargo handling services owned by an international group of investors. The company handles around 282 million passengers and 4.8 million tonnes of cargo annually, on behalf of some 850 client-companies in the aviation sector. With a workforce of around 66,000 personnel, Swissport is active at 307 locations in 50 countries, and generates consolidated operating revenue of EUR 2.8 billion.

Swissport International was hit by a ransomware attack that had a severe impact on its operations causing flights to suffer delays.

According to the German website Spiegel, the ransomware attack impacted a limited part of the company’s global IT infrastructure, a company spokesman confirmed that the security breach took place on Thursday morning at 6 AM.

The company said via Twitter that the attack has been largely contained, while it is working to resolve the issue as quickly as possible.

“Due to system problems at our airport partner Swissport, 22 flights were delayed by 3 to 20 minutes yesterday,” said a spokeswoman for Zurich Airport. “We are now in the process of restoring the affected systems,” said a Swissport spokesman on request. “The attack has now been contained and everything is being done to solve the problem as quickly as possible and limit the impact on flight operations.” “Swissport can continue to provide ground services for airlines safely, but there may be delays in some cases,” added the company spokesman. 

The Swissport website was not reachable on Friday afternoon.

At this time the company did not disclose details about the attack, such as the ransomware family that infected its systems or wheather the attack lead to a data breach. No ransomware groups has claimed the attack on their leak sites.

Recently other attacks impacted critical infrastructure in Europe, like the one that hit Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, severely impacting its operations. According to the media, the attack also impacted the oil supplier Mabanaft GmbH. The two companies belong to the Marquard & Bahls group.

Local media reported that the attacks could have had an impact on the fuel supply in the country. This week some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack.Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after Rotterdam.

Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Swissport International)

[adrotate banner=”5″]

[adrotate banner=”13″]