Content, Ransomware

Sodinokibi Ransomware Attack Hits MSP, New York Airport

A Sodinokibi ransomware attack spread from an upstate New York hosting provider and MSP to an airport's IT systems during the Christmas 2019 holiday, according to a local NBC affiliate.

The attack hit LogicalNet, a hosting provider and MSP (managed IT services provider) in Schenectady, New York. From there, the malware spread to the Albany County Airport Authority's servers and backup servers, the report said.

The airport's insurance carrier authorized payment of the ransom, which was "under six figures," according to the Albany Times Union. After receiving payment, the hackers shared a decryption key with the airport, and the airport was able to recover the encrypted data.

The airport has severed its business relationship with LogicalNet, and hired ABS Solutions of Albany to bolster the airport's cyber defenses, the Albany Times Union added. LogicalNet has not commented about the attack.

Sodinokibi malware has hit range of companies, including MSPs and CSPs (managed IT and cloud services providers). Confirmed and alleged Sodinokibi victims in recent months include CyrusOnePerCSoft, and Synoptek, according to MSSP Alert and third-party reports.

Ransomware Targets Albany Region At Least Twice

This is the second time in recent months that ransomware has attacked Albany's infrastructure. The other ransomware attack hit Albany police department systems and other city services in March 2019.

Albany is the capital of New York. Roughly 100,000 people reside in the city, and more than 1 million people are in the immediate area, according to Wikipedia.

Amid ongoing attacks, the U.S. Conference of Mayors in mid-2019 unanimously resolved to no longer accede to any ransom demands from hackers, following a series of cyber shakedowns that have extorted millions from city governments.

FBI Ransomware Warnings to MSPs

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA ConferenceBlack Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 — more details soon.)
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.