SpiceJet flights face delay after ransomware attack, services back to normal now

Indian low-cost airline SpiceJet confirmed earlier today that its information technology (IT) systems faced a ransomware attack on the night of Tuesday, May 24. The latter was pegged as the reason why some of its IT systems faced disruptions, leading to flights in the early hours today being delayed – or according to passenger complaints, even stuck on the tarmac without being able to depart.

A company statement issued on Twitter at 8:30AM today read, “Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today. Our IT team has contained and rectified the situation and flights are operating normally now.”

However, the impact on SpiceJet was felt by the airline for its flights through the day. At 3PM today, a company statement on Twitter stated that the attack has had a “cascading effect” on its overall flight schedule for the day, leading to delays. “Some flights to airports where there are restrictions on night operations have been cancelled. SpiceJet is in touch with experts and cyber crime authorities on the issue,” it further said.

The incident is the latest example of how cyber attacks on critical IT and connected operational infrastructure can disrupt public services. In October 2020, a cyber attack on Mumbai’s power grids saw public services such as railways coming to a halt, showcasing a clear example of how remote, state-backed attackers are ramping up their targeting of public infrastructure around the world.

Akshat Jain, chief technology officer of cyber security firm Cyware, told Mint earlier this month that increasing connectivity across all industries and digitization of operations, coupled with integration of connected sensors to a company’s IT servers, have led to increased risk of targeted attacks across industries.

This is not the first example where the aviation sector has been targeted by ransomware attackers. Earlier this year, Switzerland-based aviation services provider Swissport, which offers airport ground services, saw its operations get disrupted due to a ransomware attack that froze its systems. The company, like Spicejet today, claimed that most of the impact of the attack was contained, and its systems were back to normal after a few hours of disruption.

In January 2020, a ransomware attack froze internal files of an airport in the state of New York, USA. While the attack did not halt airport operations, it was a key example of how ransomware attackers today look for a single vulnerable node in a company’s IT infrastructure, and escalate access within connected systems of multiple companies linked to an operation such as an airport.

Meanwhile, earlier this week, SpiceJet chairman and managing director, Ajay Singh, said that the company hopes to begin in-flight internet services “soon”, as it seeks to onboard more aircrafts to its fleet.