{
	"id": "409f3931-d02b-4206-b6a7-c14d243c0670",
	"created_at": "2026-04-06T00:20:01.695055Z",
	"updated_at": "2026-04-10T03:24:30.230332Z",
	"deleted_at": null,
	"sha1_hash": "5d0214a2f37835c486397aa0cc2a5b39e307700a",
	"title": "Sodinokibi Ransomware Hits New York Airport Systems",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1821381,
	"plain_text": "Sodinokibi Ransomware Hits New York Airport Systems\r\nBy Sergiu Gatlan\r\nPublished: 2020-01-10 · Archived: 2026-04-05 22:37:28 UTC\r\nAlbany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi\r\nRansomware following a cyberattack that took place over Christmas.\r\nAirport operations were not impacted by the ransomware attack and customers' financial or personal information was not\r\naccessed by the attackers, according to a statement from airport officials per WNYT-TV.\r\nNo airline or TSA servers were affected in the incident, with airport officials saying that the vast majority of encrypted files\r\nwere administrative documents and archived data.\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-new-york-airport-systems/\r\nPage 1 of 4\n\nThe Albany County Airport Authority alerted the FBI and the New York State Cyber Command as soon as the attack was\r\ndiscovered, and also hired the services of ABS Solutions to help with the investigation.\r\nMSP's breached systems used as a stepping stone\r\nThe attackers were able to infiltrate the New York airport's systems through the maintenance server of its managed service\r\nprovider (MSP) Logical Net, a Schenectady, NY-based data center services and hosted cloud solutions provider.\r\nThe Sodinokibi Ransomware malware spread through the Albany County Airport Authority's network and also reached the\r\nbackup servers.\r\nFollowing the attack, airport CEO Philip Calderone told Times Union that \"We have severed our relationship with\r\nLogicalNet.\"\r\nLeft without backups, the airport paid the \"under six figures\" ransom the attackers demanded. 
Albany International Airport's\r\ninsurer reimbursed part of the ransom payment, with a $25,000 deductible to be recovered from Logical Net.\r\n\"Thanks to the fast action by our IT department, airport operations during one of the busiest travel periods of the year were\r\nnot impacted and no passenger or airline data was acquired or accessed,\" Calderone added.\r\n\"Within hours the authority was able to resume all administrative functions with systems functioning as normal. We are\r\ngrateful for the assistance provided by the New York State Cyber Command, the FBI and our consultant ABS.\"\r\nBleepingComputer has contacted the Albany International Airport, Logical Net, and the Sodinokibi actors asking for more\r\ndetails but has not yet heard back.\r\nHigh-profile Sodinokibi victims\r\nInternational foreign currency exchange Travelex is another company hit by Sodinokibi on New Year's Eve, with the\r\ncompany being forced to shut down all its systems \"to protect data and prevent the spread of the virus.\"\r\nFollowing the complete systems shutdown, customers were unable to use the site or the app for transactions at around 1,500\r\nTravelex locations across the world.\r\nWhile Travelex said in a statement that there is no evidence that any of its data was stolen in the attack, the Sodinokibi crew\r\nlater told BleepingComputer that they copied over 5GB of personal and financial data, including but not limited to names,\r\ndates of birth, social security numbers, and payment card info.\r\nThey also said that Travelex's backup files were deleted and that they will start publishing the stolen data if the company\r\ndoesn't pay the $3 million ransom in seven days.\r\nU.S. 
data center provider CyrusOne also had some of its systems encrypted by Sodinokibi Ransomware in early December\r\n2019, while hundreds of dental practices using the online backup product DDS Safe had their files locked in August after the\r\nsoftware's developer got infected through its cloud management provider, PercSoft.\r\nSource: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-new-york-airport-systems/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-new-york-airport-systems/"
	],
	"report_names": [
		"sodinokibi-ransomware-hits-new-york-airport-systems"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434801,
	"ts_updated_at": 1775791470,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5d0214a2f37835c486397aa0cc2a5b39e307700a.pdf",
		"text": "https://archive.orkl.eu/5d0214a2f37835c486397aa0cc2a5b39e307700a.txt",
		"img": "https://archive.orkl.eu/5d0214a2f37835c486397aa0cc2a5b39e307700a.jpg"
	}
}