Cleveland Hopkins International Airport is battling a ransomware attack that knocked out some displays and disabled email and other systems according to reports.
Rumors immediately circulated that hackers had gotten into payroll records. On the heels of this incident, the city of Cleveland is trying to ensure its other departments are prepared in case of a future cyber breach.
In a statement released on Wednesday evening, the city of Cleveland says the “technical issues are impacting a small number of airport systems.” They stress that there is no impact to the airport’s security and operations systems.
The system controlling the city-owned airport’s electronic boards providing flight and baggage information continued to malfunction for a fourth day, Thursday.
Three sources with knowledge of the problem told cleveland.com earlier this week that hackers had installed malware in the system. City Hall had declined to confirm that the system was hacked, instead referring to the problem as “technical issues.”
Cleveland FBI spokeswoman Vicki Anderson said in a statement Tuesday that agents are aware of the issues at the airport, which emerged Monday.
“The FBI was contacted by city and airport officials, a collaborative assessment is being conducted to determine the cause of the technical issues,” Anderson said. “Additional information is not available at this time and will be released when appropriate.”
She directed additional inquiries to the city of Cleveland. Mayor Frank Jackson’s office put out a statement Tuesday that said airport officials continue to work on restoring the flight and baggage information systems and the airport’s email system.
The city’s release made no mention of the FBI’s involvement in looking into what happened.
The majority of such infections come from user error. Quite often from a user who clicks an email link.
Antivirus is not enough.
Users must also be trained continuously via repeated and regular phishing simulation.
If they are not, a company, airport, government agency or any organization is continuously vulnerable.
Protect your company with phishing training or willingly risk becoming a victim.