Airliners Grounded by Ransomware

At the very start of the holiday air travel season the Federal Airline Administration (FAA) today announced that it was grounding all Fieseler Fi-333 aircraft in airline service due to Flight 175 still sitting at the gate at Boston’s Logan Airport, the victim of a ransomware attack. Oscar Holmes, an FAA spokesman said that no other aircraft are affected at this time.

At noon today, the avionics system onboard Flight 175, a Robotron Reichenberg control system, stopped working as the plane prepared to move from the boarding gate. The control screen on the system showed a ransomware message announcing that the system had been locked out and encrypted by the WannaFly worm. The message demanded 1,000 BC to unlock the system.

Gerhard Katzenstein, President of Fieseler Aircraft, told reporters that the ransomware took effect when the pilot initiated the movement away from the gate. No other Fieseler aircraft have been affected and all flights in the air at the time of the attack on Flight 175 have safely landed, except for two trans-Pacific flights that are due to land within the hour in Singapore.

Officials at Logan Airport report that the passengers are still aboard the aircraft as they have not yet been able to shut-down the aircraft’s engines and the terminal area around the gate has been evacuated. Local officials are working with airline maintenance personnel as well as representatives from both Fieseler and Robotron Avionics to gain enough control of the Reichenberg system to kill the engines.

R. (Ace) Bannon, who handles aviation security operations for the Federal Bureau of Inquiry, notes that the agency is working closely with the ECS-CERT and the FAA in its investigation of this ransomware attack. This is the first attack on live aircraft systems that the FBI has seen and it is very concerned about what might have happened if the attack had happened while the aircraft was in flight.

Immanuel C. Securitage from ECS-CERT notes that the Robotron Reichenberg control system is a state-of-the-art fly-by-wire system with at least fifteen independent computer systems tied into the control system network. Robotron protects that system with an advanced firewall to isolate the control system from most external access. In-flight satellite connections and ground-side wireless access allow maintenance personnel to optimize engine performance and track maintenance issues in real time. Securitage reports that it is entirely too early to begin to determine who is behind the attack, but he did note that Stasi Ehemalige was involved in many attacks against Robotron systems.

Holmes told reporters that the FAA was reviewing the security and safety of all other electronic avionics control systems currently in use to see if they were susceptible to similar attacks. Fieseler aircraft are the only ones currently using Reichenberg control systems, that is why they are the only ones currently grounded.

Industry experts expect that the grounding will not be lifted until after the holidays, but Holmes refused to speculate about how long it would remain in effect. These grounding will obviously complicate a busy travel season with over 500 flights directly affected over this weekend alone.