Ransomware, Americas, Content, Vertical markets

Cleveland Confirms Airport Ransomware Attack, Denies Misleading Public


Cleveland’s chief information officer on Monday confirmed that the city’s Hopkins International Airport was hit last week with a ransomware attack, a local media report said.

The formal acknowledgement came six days after city officials soft-pedaled the April 21 hijack as a technical malfunction. The city, which disclosed the attack the next day, didn’t admit it was malware that caused the system problems until Thursday April 25. In a puzzling statement that day, Mayor Frank Jackson appeared to separate malware from hacking. The airport’s computer systems “were not accessed by any unauthorized personnel (hacked) and there were no ransom demands,” he said.

While the hackers engaged the city-owned airport, officials didn’t engage the cyber kidnappers, Cleveland’s CIO Donald Phillips told Cleveland.com. Hackers directed the city to respond to an email address for more information about the attack, he said, but “we never responded and moved on to fix it.” Airport chief Robert Kennedy said the hackers never made a ransom demand.

According to Phillips, the systems involved in the attack, reportedly email and in-airport flight and baggage displays, are back online and nearly fully functional. Flights or airport security were not affected and no personal data was compromised in the attack, officials said. It’s not clear if the city’s recovery was assisted by third-party managed security service providers.

In the incident’s immediate wake, Mayor Jackson’s administration waved off the possibility that the airport had been hit by ransomware hackers let alone a malware infection, allowing only that “technical issues” had affected a “small number of airport systems” not reaching into the facility’s security and operations. When that proved to not be the full story, Phillips still insisted that the city did not purposely mislead the public and the media about the cyber attack. At the time, the Mayor’s office refused to say if it had contacted the Federal Bureau of Investigation (FBI), even though the federal law enforcement agency reportedly said it had been informed of the incident.

“We were giving you what we knew at the time,” Phillips said. In a news conference on Monday, April 29, local television reporters accused the city of not fully divulging the nature of the malware attack. But Valerie McCall, the city’s communications chief, said the city never denied that malware caused the system disruption, even as she conceded that officials didn't address questions about malware or an attack on the system.

In the last two months, hackers have hit four U.S. cities with ransomware attacks. Earlier this month, Augusta, Maine suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close. Also in April, hackers stole roughly $498,000 from the city of Tallahassee, Florida’s employee payroll system. In March, Albany, New York was hit with a ransomware attack and Jackson County, Georgia officials paid cyber criminals $400,000 after a cyberattack shut down the county’s computer systems.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.