Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures.
According to the announcement published on the airline’s social media channels, its IT team managed to thwart the attack, so everything is back to normal operational status.
However, multiple customer reports on Twitter and Facebook still reflect ongoing problems, highlighting flight delays, saying that customer service via phone is unreachable, and the bookings system remains unavailable.
BleepingComputer confirmed at the time of writing that only the homepage of SpiceJet was working, while most underlying systems and webpages failed to load.
The flight status tables were accessible, though, and showed massive delays on all destinations we’ve checked, ranging between two to five hours.
According to public data, SpiceJet is the second-largest airline in India, operating a fleet of 102 aircrafts to serve over 60 destinations. The firm has more than 14,000 eployees and holds about 15% of the local market share.
As such, a cyberattack impacting its operations affects a large number of passengers across India and international destinations, and those multi-hour delays translate to significant financial losses.
BleepingComputer has reached out to SpiceJet for more details about the ransomware attack and a company spokesperson shared the following statement:
Certain SpiceJet systems faced an attempted ransomware attack last night that has impacted our flight operations. While our IT team has to a large extent contained and rectified the situation, this has had a cascading effect on our flights leading to delays.
Some flights to airports where there are restrictions on night operations have been cancelled. SpiceJet is in touch with experts and cyber crime authorities on the issue.
Previous trouble
In January 2020, SpiceJet confirmed a data breach incident that allowed an unauthorized individual to access a database backup file on one of the airline’s poorly protected servers.
The file contained unencrypted information of 1,200,000 passengers who had used SpiceJet’s services in the previous month, including their full names, flight information, phone numbers, email addresses, and dates of birth.
In 2021, SpiceJet went through severe financial trouble result of grounding its fleet due to COVID-19 restrictions, reporting an annual revenue loss of 28%, which directly threatened the sustainability of its business.
It is easy to assume that this dire financial situation didn’t leave much margin for investing in cybersecurity and incident response, which might be what allowed the ransomware actors in this case to launch a successful attack.