Airport services company Swissport hit by ransomware attack

Cargo handler says impact ‘contained’ but website is down

An airport tug with Swissport logo below a light-blue plane as people come off the stairs.

A Swissport tug at Bristol Airport in England. (Photo: Shutterstock/Ceri Breeze)

(Updated Monday, Feb. 7, 2022, 8:37 a.m. ET)

Swissport, one of the largest airport services companies in the world, quickly notified customers Thursday that its cargo services division was the target of a ransomware attack early in the morning.

The company said the intrusion was promptly detected by its IT security team and “the impact was largely mitigated.” 

The company’s website was accessible Monday after being out-of-service on Friday. Visitors to the site on Friday received a blank page with the following message: “Back-end server is faulty or not available.”


“The affected infrastructure was quickly taken offline and manual workarounds or fallback systems have remained operational. A full system clean-up and recovery is now underway and we do not expect any significant delays,” Swissport said in a statement provided to American Shipper on Monday.

The ground handling company said Thursday that several servers were affected, which caused some systems to be temporarily unavailable. The attack has been “contained,” the ground handling company said. It is isolating servers to avoid the further spread of the problem and restoring systems by switching to unaffected cloud servers. 

“The majority of critical systems and applications are not impacted or at risk,” Swissport said. “We are prioritizing our operational systems and are doing everything we can to resolve the issue as fast as possible.”

It said it has implemented backup processes and resources to maintain smooth operations. One of those measures is the use of paper manifests. In a separate customer notice on Friday, Swissport said it is providing paper manifests at its Brussels Airport station. It is unclear whether manual processes are also required at other airports.


“Despite these efforts your performance may be impacted and not reach the levels you are used to,” Swissport told its airline customers and freight forwarders that rely on the company to process inbound and outbound shipments tendered to airlines.

In a ransomware attack, hackers insert malware that encrypts files on a victim’s computer or across a network. The cybercriminals who launch them extort their victims by demanding a payment in exchange for providing a digital key to restore access. Often, the criminals also steal data for additional leverage.

Airlines hire companies like Swissport to handle baggage and cargo, refuel aircraft, staff passenger gates and provide other services.

Prior to the pandemic, Swissport processed about 224 million passengers and 4.5 million tons of cargo per year at nearly 300 airports. It had more than 60,000 employees. It operates about 120 cargo warehouses.

In December 2020 Swissport completed a financial restructuring as part of a debt-for-equity swap in which Chinese conglomerate HNA Group sold a majority stake to a consortium of U.S. and British private equity firms, including Apollo Global Management. 

The company’s revenues substantially dried up when the COVID pandemic shut down passenger travel and airlines canceled, or scaled back, contracts. 

Click here for more American Shipper/FreightWaves stories by Eric Kulisch.

RELATED NEWS:


How does a ransomware attack work?

Exit mobile version