Airport services firm Swissport reports ransomware incident

Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said its IT infrastructure was targeted by the ransomware attack. 

The group behind the attack was not named. 

“The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible. Swissport regrets any impact the incidence has had on our service delivery,” Swissport said. 

A spokesperson for the National Cyber Security Centre in Switzerland told ZDNet that they are in contact with Swissport but could not provide more information. 

Headquartered in Opfikon, Switzerland, the company manages airport ground and cargo handling services. 

Der Spiegel reported that 22 flights were delayed about 20 minutes due to the attack. The company told the newspaper that there would be some delays but that it would continue providing ground services at Zurich Airport and others. 

The attack caps a week of ransomware attacks and cybersecurity incidents affecting European oil and transportation services. A cyberattack on two German oil suppliers forced energy giant Shell to reroute oil supplies to other depots. The German Federal Office for Information Security (BSI) said the BlackCat ransomware group was behind the incident, which affected 233 gas stations across Germany.

On Thursday, multiple ports in Belgium and the Netherlands reported issues after a cyberattack affecting IT services. Terminals operated by SEA-Tank, Oiltanking, and Evos in Antwerp, Ghent, Amsterdam, and Terneuzen are all dealing with issues related to their operational systems. In a statement to ZDNet, Oiltanking said it “declared force majeure” due to the attacks. 

A spokesperson from Evos told ZDNet that they are continuing to operate their terminals but are having some delays after the attack disrupted IT services at terminals in Terneuzen, Ghent, and Malta. Prosecutors in Antwerp have opened an investigation into the cyberattacks.

Billion-dollar German logistics firm Hellmann Worldwide Logistics was also hit with ransomware in December.

The Dutch Ministry of Justice and Security told ZDNet that news outlets making connections between the attacks in The Netherlands, Belgium and Germany were incorrect. 

“Based on information the NCSC has seen the following: As far as currently known, it doesn't seem to be a coordinated attack. Probably the attacks have been carried out with a criminal intent aimed at financial gain,” NCSC spokesperson Miral Scheffer said. 

“The NCSC will monitor the situation closely and takes actions when necessary.”