
India’s SpiceJet Airlines: attempted ransomware attack on 24 May 2022, Delays Flights Across Sectors

Cyber Secure India
SpiceJet Under Ransomware Attack

SpiceJet is among the oldest private airlines in India and operates in most sectors of the country with a fleet of over 100 aircraft. It is said to be among the low-cost airlines and the second-largest in India based on the number of domestic passengers it carries, about 12 million a month.

On Tuesday, 24 May 2022, the company reported that a cyber incident had caused the grounding of a majority of its aircraft. On receipt of the first report, the airline stated that the breakdown was caused by a ransomware attack. A large number of passengers have complained about SpiceJet's services.

A SpiceJet spokesperson stated, “While our IT team has to a large extent contained and rectified the situation, this has had a cascading effect on our flights leading to delays,” and added, “SpiceJet is in touch with experts and cybercrime authorities on the issue.” After the incident was reported and complaints were raised, many passengers took to social media to say that they were stranded at various airports, had been waiting for hours without food or water, and had received little communication from ground staff.

What is a Ransomware Attack?

A ransomware attack is a technique in which an attacker intrudes into a system and uses software to encrypt its data. Recovery is possible either with a key provided by the attacker or through intelligent methods by which the organisation/victim recovers deleted or encrypted files in its IT systems. During a ransomware attack, the malware deletes your actual files and replaces them with encrypted replicas. That gives you a chance to retrieve the lost data by using data recovery software.

Steps in a Typical Ransomware Attack

The typical steps in a ransomware attack are:

  1. Infection: After it has been delivered to the system via email attachment, phishing email, infected application or other method, the ransomware installs itself on the endpoint and any network devices it can access.

  2. Secure Key Exchange: The ransomware contacts the command-and-control server operated by the cybercriminals behind the attack to generate the cryptographic keys to be used on the local system.

  3. Encryption: The ransomware starts encrypting any files it can find on local machines and the network.

  4. Extortion: With the encryption work done, the ransomware displays instructions for extortion and ransom payment, threatening destruction of data if payment is not made.

  5. Unlocking: Organizations can either pay the ransom and hope for the cybercriminals to actually decrypt the affected files, or they can attempt recovery by removing infected files and systems from the network and restoring data from clean backups. (Unfortunately, negotiating with cyber criminals is often a lost cause as a recent report found that 42% of organizations who paid a ransom did not get their files decrypted.)

How can ransomware attacks be prevented?

Effective ransomware prevention requires a combination of good monitoring applications, frequent file backups, anti-malware software, and user training. Although no cyber-defenses reduce risk completely, you can greatly limit the chance attackers will be successful.
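The monitoring mentioned above can key on the behaviour described earlier, where originals are deleted and replaced by encrypted replicas. The following is an added example, not code from the original advisory: the event tuple format, the function names, the `.locked` suffix and the thresholds are all assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, plain text is usually below 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_encrypting_processes(events, window=10.0, threshold=3, min_entropy=7.0):
    """Return {pid: time_flagged} for processes that, within `window` seconds,
    replace `threshold` files: a high-entropy copy is written, then the
    original is deleted. events: (ts, pid, op, path, data), sorted by ts."""
    replicas = defaultdict(set)   # pid -> paths of high-entropy files it wrote
    hits = defaultdict(deque)     # pid -> times of delete-after-replica events
    flagged = {}
    for ts, pid, op, path, data in events:
        if op == "CREATE" and shannon_entropy(data) >= min_entropy:
            replicas[pid].add(path)
        elif op == "DELETE" and any(r.startswith(path + ".") for r in replicas[pid]):
            recent = hits[pid]
            recent.append(ts)
            while recent[0] < ts - window:   # keep only the sliding window
                recent.popleft()
            if len(recent) >= threshold:
                flagged.setdefault(pid, ts)
    return flagged

# Constructed sample data, not taken from the SpiceJet incident.
CIPHER = bytes(range(256)) * 4    # stand-in for encrypted content, entropy 8.0
TEXT = b"Flight schedule for Tuesday, all sectors. " * 20
SAMPLE_EVENTS = [
    (0.0, 410, "CREATE", "/data/notes.txt", TEXT),         # normal editing
    (1.0, 977, "CREATE", "/data/a.docx.locked", CIPHER),
    (1.1, 977, "DELETE", "/data/a.docx", b""),
    (1.2, 500, "CREATE", "/backup/data.tar.gz", CIPHER),   # backup: no deletes
    (1.5, 977, "CREATE", "/data/b.xlsx.locked", CIPHER),
    (1.6, 977, "DELETE", "/data/b.xlsx", b""),
    (2.0, 410, "DELETE", "/data/old.tmp", b""),            # unrelated cleanup
    (2.2, 977, "CREATE", "/data/c.pdf.locked", CIPHER),
    (2.3, 977, "DELETE", "/data/c.pdf", b""),
]

if __name__ == "__main__":
    print(flag_encrypting_processes(SAMPLE_EVENTS))
```

High entropy alone is not enough to raise an alert, since the backup job writes compressed data too; the check fires only when the same process also deletes the originals in quick succession.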
