Email addresses related to airline activities are operational despite malware attack: Biman

Biman Bangladesh Airlines reported today that despite a malware attack on its server, email IDs connected to the airline's operational activities are still functional through Microsoft's cloud services thanks to a workaround.

The national flag carrier made this statement in a press release after various news outlets ran articles claiming that Biman's email server had been hacked on Saturday.

However, Biman made no mention of the malware attack's methodology or participants in its press release.

According to a press release, Biman's computers and servers were attacked by malware on Saturday. The affected server was immediately isolated, and email services were suspended for the day.

Given that Biman is a scheduled organization under Section 15 of the Digital Security Act of 2018 and also falls under Critical Information Infrastructures, necessary steps are being taken in accordance with technical guidelines provided by the Digital Security Agency. (CII).

Biman Six days after the initial attack, Bangladesh Airlines has not yet recovered its email server.

Ransomware, a type of malware from cryptovirology, attacked the email server of the national airline and threatened to publish the victim's personal information or permanently block access to it unless a ransom was paid.

Biman-based sources claim that the hackers demanded a sizable ransom.

Shafiul Azim, the CEO and managing director of Biman, challenged the assertion, claiming that nobody has yet gotten in touch with them or demanded a ransom from the company.

The national carrier was unable to use its official email to communicate with anyone domestically or abroad after the server was compromised.

Currently, all emails sent by every single official in Biman are accessible to the ransomware, including emails containing private information about aircraft, routes, pilots, airports, schedules, passengers, purchases, billing, procurement, and other sensitive topics.

Given the nature of the organization, Biman was designated a critical information infrastructure last October.

The Digital Security Act defines these infrastructures as those that manage, circulate, process, or store any information-data or electronic information that, if seriously compromised, could have a negative impact on public security, financial stability, public health, national security, or the integrity of the nation.

No data or information, according to Biman MD, was taken.