The Target
Swissport International Ltd. is an aviation services company providing airport ground, lounge hospitality, and cargo handling services owned by an international group of investors.
It handles around 282 million passengers and 4.8 million tonnes of cargo annually, on behalf of some 850 client companies in the aviation sector.
What Happened
Swissport announced on February 4rth, 2022, that a part of their IT infrastructure had been attacked by ransomware. This caused some temporary delays.
At this point, it is not known what malware was installed nor what was ransomed.
Response
Some of Swissport's IT infrastructure was taken offline.
Backup systems were brought online
Some processes were switched to manual mode.
Most of their systems are getting scrubbed, their website is back online, and it is almost business as usual.
This is pretty unusual for a company hit with ransomware where they go offline for days and have no Incident Response or Disaster Recovery.
The Colonial Pipeline, for example, caused massive gas shortages, panic buying of gasoline, shutdowns, etc. Colonial was vastly underprepared to handle any cyberattack, let alone a ransomware attack.
Lessons
Everyone is vulnerable to ransomware. BUT
Having a coordinated strategy to respond and restore is invaluable. HOWEVER,
It costs more to respond than the actual ransomware payment demanded; Swissport had to move its operations around, and its effort to clean up its systems probably cost more than any ransomware payment demanded, even if you paid (or didn't). BUT
One can face down hackers and win.
References
Airways Magazine: Swissport Recovers from Ransomware Attack