
Cyber Incident Victim: Albany International Airport

Date: Dec 2019

Location: United States of America

Summary

Albany International Airport experienced a ransomware attack by the Sodinokibi group that targeted its administrative servers and encrypted archived data and documents, without disrupting flight operations or compromising passenger or airline information. The airport paid a ransom of under six figures; its insurer reimbursed most of the payment, and the deductible was billed to third-party IT provider LogicalNet, whose services were terminated following the incident. Administrative functions were restored within hours by the airport's IT department, with assistance from the FBI, New York State Cyber Command, and the cybersecurity firm ABS Solutions.


Description

On or around December 25, 2019, Albany International Airport's administrative servers were compromised in a cyberattack involving Sodinokibi ransomware. The attack encrypted administrative documents and archived data but did not impact airport operations, airline systems, or Transportation Security Administration (TSA) servers. Airport officials confirmed no unauthorized access to passenger financial or personal information occurred. The Albany County Airport Authority immediately notified the FBI and New York State Cyber Command upon discovering the incident and engaged cybersecurity firm ABS Solutions to assist with the investigation. Due to the unavailability of backups, the airport paid a ransom demand described as "under six figures" to regain access to encrypted systems. Airport CEO Philip Calderone stated administrative functions were restored within hours through rapid IT department intervention, ensuring normal operations continued during the busy holiday travel period.


The airport's insurer reimbursed most of the ransom payment, with the airport responsible for a $25,000 deductible billed to LogicalNet, their former IT provider. Calderone announced the termination of the airport's relationship with LogicalNet following the attack. No evidence suggested data exfiltration beyond the encryption of administrative files. The incident occurred amid a broader wave of Sodinokibi ransomware activity, including contemporaneous attacks on Travelex foreign exchange services and U.S. data center provider CyrusOne. While Travelex faced threats of stolen data publication, Albany International Airport reported no comparable data exposure. Calderone publicly acknowledged assistance from law enforcement and cybersecurity partners in resolving the incident, emphasizing the containment of operational disruptions despite the administrative system compromise.
