Sodinokibi Ransomware Hits New York Airport Systems

By Sergiu Gatlan
Published: 2020-01-10 · Archived: 2026-04-05 22:37:28 UTC

Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.

Airport operations were not impacted by the ransomware attack, and customers' financial or personal information was not accessed by the attackers, according to a statement from airport officials per WNYT-TV.

No airline or TSA servers were affected in the incident, with airport officials saying that the vast majority of encrypted files were administrative documents and archived data.

The Albany County Airport Authority alerted the FBI and the New York State Cyber Command as soon as the attack was discovered, and also hired the services of ABS Solutions to help with the investigation.

MSP's breached systems used as a stepping stone

The attackers were able to infiltrate the New York airport's systems through the maintenance server of its managed service provider (MSP) Logical Net, a Schenectady, NY-based data center services and hosted cloud solutions provider.

The Sodinokibi Ransomware spread through the Albany County Airport Authority's network and also reached the backup servers.

Following the attack, airport CEO Philip Calderone told the Times Union that "We have severed our relationship with LogicalNet."

Left without backups, the airport paid the "under six figures" ransom the attackers demanded. Albany International Airport's insurer reimbursed part of the ransom payment, with a $25,000 deductible to be recovered from Logical Net.

"Thanks to the fast action by our IT department, airport operations during one of the busiest travel periods of the year were not impacted and no passenger or airline data was acquired or accessed," Calderone added.

"Within hours the authority was able to resume all administrative functions with systems functioning as normal. We are grateful for the assistance provided by the New York State Cyber Command, the FBI and our consultant ABS."

BleepingComputer has contacted the Albany International Airport, Logical Net, and the Sodinokibi actors asking for more details but has not yet heard back.

High-profile Sodinokibi victims

International foreign currency exchange Travelex is another company hit by Sodinokibi on New Year's Eve, with the company being forced to shut down all its systems "to protect data and prevent the spread of the virus."

Following the complete systems shutdown, customers were unable to use the site or the app for transactions at around 1,500 Travelex locations across the world.

While Travelex said in a statement that there is no evidence that any of its data was stolen in the attack, the Sodinokibi crew later told BleepingComputer that they copied over 5GB of personal and financial data, including but not limited to names, dates of birth, social security numbers, payment card info.

They also said that Travelex's backup files were deleted and that they will start publishing the stolen data if the company doesn't pay the $3 million ransom in seven days.

U.S. data center provider CyrusOne also had some of its systems encrypted by Sodinokibi Ransomware in early December 2019, while hundreds of dental practices using the online backup product DDS Safe had their files locked in August after the software's developer got infected through its cloud management provider, PercSoft.

Source: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-hits-new-york-airport-systems/