Cyber Incident Victim: SpiceJet
Date:
May 2022
Location:
India
Summary
A low-cost airline experienced an attempted ransomware attack that disrupted flight operations, causing widespread delays and some cancellations due to cascading system impacts. The incident also affected its cargo division, leading to freighter delays, while compromised employee data left staff vulnerable. The carrier's IT team largely contained the breach and collaborated with cybersecurity authorities, though the attack exacerbated existing operational and financial challenges faced by the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 24, 2022, SpiceJet, an Indian low-cost airline and freighter operator, experienced a ransomware attack that disrupted its flight operations nationwide. The attack was detected the previous night, leading to significant delays and cancellations of morning flights. A spokesperson confirmed the incident as an "attempted ransomware attack" affecting certain systems, which caused cascading operational disruptions. The airline’s IT team managed to contain and rectify the situation to a large extent, but the attack’s impact persisted, particularly affecting flights to airports with night operation restrictions, forcing some cancellations. SpiceJet engaged cybersecurity experts and notified cybercrime authorities to address the breach. The airline’s cargo division, SpiceXpress, which operates four 737 freighters on intra-Asian routes, faced delays of one to three hours, disrupting cargo flow during a period of economic recovery. Passenger operations were severely impacted, with travelers reporting extended ground delays exceeding three hours and criticizing the airline’s customer service. Staff cited system outages, including an inability to print boarding passes due to server issues, exacerbating passenger frustration.
The incident compounded existing operational and financial challenges for SpiceJet, which had previously faced regulatory scrutiny and service-related penalties from Indian aviation authorities. Earlier in May 2022, the Directorate General of Civil Aviation (DGCA) grounded a SpiceJet aircraft due to technical faults, and the Airport Authority of India (AAI) had placed the airline on a restrictive "cash and carry" payment mode in 2020 over unpaid dues. Despite these pressures, SpiceJet reported a net profit of Rs232.8 million ($3 million) for the third fiscal quarter (October–December 2021), with its cargo division handling 39,000 tons of freight. The ransomware attack highlighted vulnerabilities in the aviation sector’s IT infrastructure, occurring shortly after a similar cyber incident disrupted global logistics firm Expeditors International. SpiceJet’s response focused on restoring systems and minimizing flight schedule deviations, though the attack underscored the broader industry risk of cyber threats to critical transportation networks.