Cyber Incident Victim: Louisville Regional Airport Authority
Date: May 2019
Location: United States of America
Summary
The Louisville Regional Airport Authority (LRAA) experienced a ransomware attack that encrypted its localized files but did not disrupt operations or compromise security systems at its two affiliated airports. The organization, employing approximately 200 full-time staff, opted against paying the ransom and instead initiated system restoration using backups. No operational or passenger safety impacts were reported at the affected facilities during the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 20, 2019, the Louisville Regional Airport Authority (LRAA) experienced a ransomware attack that disrupted its administrative systems. The attack encrypted localized files within the municipal corporation's network infrastructure. LRAA, responsible for managing Louisville Muhammad Ali International Airport and Bowman Field, confirmed the incident through official statements reported by local news sources. The ransomware did not compromise airport security systems, flight operations, or air traffic control functions at either facility, allowing both airports to maintain normal operations throughout the incident. The attack specifically targeted LRAA's internal administrative network rather than operational technology systems directly involved in aviation activities.

The organization, employing approximately 200 full-time staff members, initiated immediate recovery procedures without negotiating with the attackers. LRAA publicly stated it would not pay any ransom demands and instead relied on backup systems to restore encrypted data. Restoration efforts focused on recovering localized files affected by the encryption, though the specific ransomware variant and initial infection vector were not disclosed. No data exfiltration or secondary impacts on passenger services, baggage handling, or runway operations were reported. The incident remained contained to LRAA's administrative network infrastructure without spreading to critical aviation systems or partner organizations.
