blackbox loader
Project
IT Services & Network Security

Challenges
  • Defeat a ransomware attack and restore business functions at a major international airport before consequential impact on travel or safety
Solution
  • Isolated malware infection and secured airport’s network from additional attacks
  • Restored front- and back-office data
  • Enhanced network for greater bandwidth, capacity, security, performance, and more
  • Provided integrated, secure network expertise and products (IPS and cloud security and analytics)
Results
  • Resolved malware attack in record time
  • Safeguarded network from additional hacks (short-term)
  • Repopulated airport screens with flight and baggage data expeditiously
  • Designed and deployed highly resilient network (long-term)
Value
  • Fortified network against future attacks and minimized business interruption costs
  • Lessened impact on airport’s and city’s brand Heightened awareness about prioritizing infrastructure upgrades against vulnerabilities

Black Box engineers hampered a ransomware attack and ensured public confidence

Summary

A large, U.S., international airport was the victim of a ransomware attack affecting the business side of the operation. The malware entered the airport's information systems via a phishing scam. As it took hold, the infection locked down email, payroll, and digital records - including flight and baggage information screens - which went ominously dark and had the potential to shake public confidence.

Wisely refusing the pay the ransom, but unsure what to do next, airport personnel called Black Box, a trusted airport contractor, for help. Quickly, our technical team was on-site to provide expertise and reassurance.

In two phases, Black Box engineers isolated the infection, secured the network against further attacks, and restored data information systems. Then they set about the larger task of optimizing the network by designing an upgraded data center environment, including servers and switches.

While confidential, the resulting value (visible and hidden) was significant. More importantly, the network continues to be resilient to a barrage of additional attacks since the initial assault.

Challenge

Secure the network quickly and rebuild optimally

Panicked by a network that was running smoothly one moment and shut down the next, airport IT personnel lacked the resources to navigate a ransomware assault on their own. They needed technical know-how from experts who were not intimidated by cybercriminals and could not only solve the problem fast, before it became a media story, but also ensure it didn't happen again. Complicating this challenging scenario, which initially occurred near a major holiday, was the need to comply with government procurement procedures and be mindful of public relations.

Solution

Build resiliency against the bad actors

Shortly after the ransomware attack began wreaking havoc on the airport's data center, airport IT personnel called the Black Box help desk. A team of specialists was quickly onsite securing the network from further attack and working to get customer-facing digital information back online.

This act alone helped to reassure passengers, most of whom do not have a clear understanding of the difference between the airport's highly secure, federally regulated operation and the separate business operation. It also greatly reduced the stress level of airport and city executives who could now shift their focus from fear to confidence as they worked with Black Box to transform data operations.

Once the network was clean and secure - a process that took just days - our engineers began working with one of our trusted partners to design and implement a more resilient system.

Outcomes

Secure operations, strong public confidence and heightened awareness

When you consider the unspoken, but significant expense of a business interruption, the airport's network transformation brought significant value to their secure operations and daily maintenance. This is especially true when you consider that public-sector victims of ransomware who choose to pay, do so at a cost almost 10 times greater than their private-sector counterparts.

Equally important was the impact on the airport and local government's brand images and public confidence, which remain strong.

The malware incident also illustrated the vulnerabilities of state and local governments' IT infrastructure and the need for investment to safeguard, modernize, and optimize networks that are critical to the smooth operation of day-to-day business.

Download PDF

Industry: Transportation,

Solution: Cybersecurity,

Services: Support Services,

Subscribe Now