Ransomware hits UK’s Bristol Airport, affects flight information screens

When travelers at Bristol Airport in the U.K. looked at flight information screens over the weekend, they saw a blue screen with white lettering that stated:

OUT OF SERVICE

We are sorry for the inconvenience. Our Engineers are currently working to resolve the issue as soon as possible.

Officials for the U.K.’s ninth busiest airport blamed it on a ransomware attack. The airport chose to take the electronic screens that normally direct travelers offline on Friday as a “precautionary measure” while they worked to “contain the problem.”

Arrival and departure information was instead posted on whiteboards and announced over the public speaker system over the weekend.

Bristol Airport tweeted about the “technical problems” with the flight information screens, making it clear that flights were unaffected.

We are currently experiencing technical problems with our flight information screens. Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers

— Bristol Airport (@BristolAirport) September 14, 2018

While airport spokesman James Gore did not specify what ransomware variant hit the airport, he told the BBC that Bristol Airport would not pay the undisclosed ransom demand to get the system working.

We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens. That was done to contain the problem and avoid any further impact on more critical systems.

Details of the cyber attack

The flight screens were offline starting Friday morning, all of Saturday, and into the wee hours of Sunday. Gore blamed the long downtime on a “cautious approach” as IT rebuilt affected systems, but “at no point were any safety or security systems impacted or put at risk.”

The airport released a statement to the press about the administrative systems being subjected to an “on-line criminal attempt. A number of processes, including the application providing data for flight information screens in the terminal, were taken off line purely as a precautionary measure, while the problem was contained and to avoid any further impact.”

The plan to use whiteboards, use additional announcements over the speakers, and bring in extra staff to keep passengers informed of flight information was part of an “established contingency plan.”

Bristol Airport always remains vigilant against all types of hostile on-line activity. As with every event of any type we will monitor and keep under review how to avoid it re-occurring. However, it is important to recognize that security measures already in place ensured minimum disruption to passenger journeys.

As is always the case in cyber attacks that result in computers being replaced by manually writing things down, people took to social media to complain about delays. At roughly 4:30 a.m. local time on Sunday, Bristol Airport tweeted a photo of the restored live flight information on the digital screens. Those restored screens were working in “key locations.”

The airport followed that up with the following announcement:

We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible.

— Bristol Airport (@BristolAirport) September 16, 2018