Watch Now

Airport services company Swissport hit by ransomware attack

Cargo handler says impact ‘contained’ but website is down

A Swissport tug at Bristol Airport in England. (Photo: Shutterstock/Ceri Breeze)

(Updated Monday, Feb. 7, 2022, 8:37 a.m. ET)

Swissport, one of the largest airport services companies in the world, quickly notified customers Thursday that its cargo services division was the target of a ransomware attack early in the morning.

The company said the intrusion was promptly detected by its IT security team and “the impact was largely mitigated.” 

The company’s website was accessible Monday after being out-of-service on Friday. Visitors to the site on Friday received a blank page with the following message: “Back-end server is faulty or not available.”

“The affected infrastructure was quickly taken offline and manual workarounds or fallback systems have remained operational. A full system clean-up and recovery is now underway and we do not expect any significant delays,” Swissport said in a statement provided to American Shipper on Monday.

The ground handling company said Thursday that several servers were affected, which caused some systems to be temporarily unavailable. The attack has been “contained,” the ground handling company said. It is isolating servers to avoid the further spread of the problem and restoring systems by switching to unaffected cloud servers. 

“The majority of critical systems and applications are not impacted or at risk,” Swissport said. “We are prioritizing our operational systems and are doing everything we can to resolve the issue as fast as possible.”

It said it has implemented backup processes and resources to maintain smooth operations. One of those measures is the use of paper manifests. In a separate customer notice on Friday, Swissport said it is providing paper manifests at its Brussels Airport station. It is unclear whether manual processes are also required at other airports.

“Despite these efforts your performance may be impacted and not reach the levels you are used to,” Swissport told its airline customers and freight forwarders that rely on the company to process inbound and outbound shipments tendered to airlines.

In a ransomware attack, hackers insert malware that encrypts files on a victim’s computer or across a network. The cybercriminals who launch them extort their victims by demanding a payment in exchange for providing a digital key to restore access. Often, the criminals also steal data for additional leverage.

Airlines hire companies like Swissport to handle baggage and cargo, refuel aircraft, staff passenger gates and provide other services.

Prior to the pandemic, Swissport processed about 224 million passengers and 4.5 million tons of cargo per year at nearly 300 airports. It had more than 60,000 employees. It operates about 120 cargo warehouses.

In December 2020 Swissport completed a financial restructuring as part of a debt-for-equity swap in which Chinese conglomerate HNA Group sold a majority stake to a consortium of U.S. and British private equity firms, including Apollo Global Management. 

The company’s revenues substantially dried up when the COVID pandemic shut down passenger travel and airlines canceled, or scaled back, contracts. 

Click here for more American Shipper/FreightWaves stories by Eric Kulisch.


How does a ransomware attack work?

Eric Kulisch

Eric is the Supply Chain and Air Cargo Editor at FreightWaves. An award-winning business journalist with extensive experience covering the logistics sector, Eric spent nearly two years as the Washington, D.C., correspondent for Automotive News, where he focused on regulatory and policy issues surrounding autonomous vehicles, mobility, fuel economy and safety. He has won two regional Gold Medals from the American Society of Business Publication Editors for government coverage and news analysis, and was voted best for feature writing and commentary in the Trade/Newsletter category by the D.C. Chapter of the Society of Professional Journalists. As associate editor at American Shipper Magazine for more than a decade, he wrote about trade, freight transportation and supply chains. Eric is based in Portland, Oregon. He can be reached for comments and tips at [email protected]