Black Box engineers hampered a ransomware attack and ensured public confidence
A large, U.S., international airport was the victim of a ransomware attack affecting the business side of the operation. The malware entered the airport's information systems via a phishing scam. As it took hold, the infection locked down email, payroll, and digital records - including flight and baggage information screens - which went ominously dark and had the potential to shake public confidence.
Wisely refusing the pay the ransom, but unsure what to do next, airport personnel called Black Box, a trusted airport contractor, for help. Quickly, our technical team was on-site to provide expertise and reassurance.
In two phases, Black Box engineers isolated the infection, secured the network against further attacks, and restored data information systems. Then they set about the larger task of optimizing the network by designing an upgraded data center environment, including servers and switches.
While confidential, the resulting value (visible and hidden) was significant. More importantly, the network continues to be resilient to a barrage of additional attacks since the initial assault.
Secure the network quickly and rebuild optimally
Panicked by a network that was running smoothly one moment and shut down the next, airport IT personnel lacked the resources to navigate a ransomware assault on their own. They needed technical know-how from experts who were not intimidated by cybercriminals and could not only solve the problem fast, before it became a media story, but also ensure it didn't happen again. Complicating this challenging scenario, which initially occurred near a major holiday, was the need to comply with government procurement procedures and be mindful of public relations.
Build resiliency against the bad actors
Shortly after the ransomware attack began wreaking havoc on the airport's data center, airport IT personnel called the Black Box help desk. A team of specialists was quickly onsite securing the network from further attack and working to get customer-facing digital information back online.
This act alone helped to reassure passengers, most of whom do not have a clear understanding of the difference between the airport's highly secure, federally regulated operation and the separate business operation. It also greatly reduced the stress level of airport and city executives who could now shift their focus from fear to confidence as they worked with Black Box to transform data operations.
Once the network was clean and secure - a process that took just days - our engineers began working with one of our trusted partners to design and implement a more resilient system.
Secure operations, strong public confidence and heightened awareness
When you consider the unspoken, but significant expense of a business interruption, the airport's network transformation brought significant value to their secure operations and daily maintenance. This is especially true when you consider that public-sector victims of ransomware who choose to pay, do so at a cost almost 10 times greater than their private-sector counterparts.
Equally important was the impact on the airport and local government's brand images and public confidence, which remain strong.
The malware incident also illustrated the vulnerabilities of state and local governments' IT infrastructure and the need for investment to safeguard, modernize, and optimize networks that are critical to the smooth operation of day-to-day business.
Services: Support Services,