India’s SpiceJet Strands Planes After Being Hit By Ransomware Attack
Indian airline SpiceJet delayed a number of flights on Wednesday after reporting being hit by a ransomware attack the previous day.
The news was reported by the BBC, which spotted the company’s tweet earlier this week.
“Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today,” the company wrote on Twitter on Wednesday. “Our IT team has contained and rectified the situation and flights are operating normally now.”
A number of users took to social media channels to complain about the delayed flights, but according to Josh Rickard, Security Automation Architect at Swimlane, the consequences of the ransomware attack may have been much worse.
“Had systems been fully breached, they could be facing more severe ramifications consisting of exposed data, system-wide outages and reputation damage,” Rickard said.
The security expert also mentioned a previous accident SpiceJet was involved in back in 2020, which resulted in the personal information of over one million customers being exposed.
“This, in addition to this latest incident, is a highly concerning pattern,” Rickard added. “To ensure that organizations are prepared to defend against similar cyber incidents, and requisite day-to-day operations are able to occur without disruption, it is essential that security and IT teams have full visibility into their environments.”
Further, the executive believes these teams should leverage low-code security automation to respond to threats in real time to limit the consequences of these attacks, automating detection, response and investigation protocols as much as possible.
The thoughts were echoed by Mike Newman, CEO of My1Login, who called upon SpiceJet to reveal additional information about the attack.
“It will be interesting to hear how attackers were able to get into the airline’s network in the first place,” Newman stated.
“With data revealing that phishing and credential theft are two of the most common attack vectors used to deploy ransomware, the incident might further reinforce the importance of organizations moving away from password-based security mechanisms, and improving their cyber defenses through passwordless, where there are no passwords to be stolen or phished.”