Airport services firm Swissport reports ransomware incident

Swissport said part of its IT infrastructure was hit with a ransomware attack on Thursday.
Written by Jonathan Greig, Contributor

Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said the ransomware attack targeted its IT infrastructure. 

The group behind the attack was not named. 

Also: Prosecutors investigating cyberattacks affecting multiple Belgian and Dutch ports

"The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible. Swissport regrets any impact the incidence has had on our service delivery," Swissport said. 

A spokesperson for the National Cyber Security Centre in Switzerland told ZDNet that they are in contact with Swissport but could not provide more information. The company's website is currently down. 

Headquartered in Opfikon, Switzerland, the company manages airport ground and cargo handling services. 

Der Spiegel reported that 22 flights were delayed about 20 minutes due to the attack. The company told the newspaper that there would be some delays but that it would continue providing ground services at Zurich Airport and 306 other locations. 

The attack caps a week of ransomware attacks and cybersecurity incidents affecting European oil and transportation services. A cyberattack on two German oil suppliers forced energy giant Shell to reroute oil supplies to other depots. The German Federal Office for Information Security (BSI) said the BlackCat ransomware group was behind the incident, which affected 233 gas stations across Germany.

On Thursday, multiple ports in Belgium and the Netherlands reported issues after a cyberattack affecting IT services. Terminals operated by SEA-Tank, Oiltanking, and Evos in Antwerp, Ghent, Amsterdam, and Terneuzen are all dealing with issues related to their operational systems. In a statement to ZDNet, Oiltanking said it "declared force majeure" due to the attacks. 

A spokesperson from Evos told ZDNet that they are continuing to operate their terminals but are having some delays after the attack disrupted IT services at terminals in Terneuzen, Ghent, and Malta. Prosecutors in Antwerp have opened an investigation into the cyberattacks.

Billion-dollar German logistics firm Hellmann Worldwide Logistics was also hit with ransomware in December.

The Dutch Ministry of Justice and Security told ZDNet that news outlets making connections between the attacks in The Netherlands, Belgium, and Germany were incorrect. 

"Based on the information, the NCSC has seen the following: As far as currently known, it doesn't seem to be a coordinated attack. Probably the attacks have been carried out with a criminal intent aimed at financial gain," NCSC spokesperson Miral Scheffer said. 

"The NCSC will monitor the situation closely and take actions when necessary."

Editorial standards