The RansomHub ransomware group has claimed responsibility for a cyberattack on Grupo Aeroportuario del Centro Norte (OMA), an operator of 13 airports across central and northern Mexico, including the high-traffic Monterrey airport. OMA’s IT team has turned to backup systems to keep operations running after the October 15 attack, but display screens remain down, forcing airports to use QR codes and staff to assist passengers in navigating terminals.
RansomHub has threatened to release 3 terabytes of data if their ransom demands remain unmet. U.S. security agencies flagged RansomHub in August, linking the group to over 210 incidents since its emergence in early 2024. The Mexican company, listed on NASDAQ, reported over $550 million in revenue for the first nine months of 2024, addressing the cyber incident in its earnings report last week, confirming they are collaborating with external cybersecurity advisors to assess and contain the breach. Though OMA has stated that the attack has yet to materially impact its financial position, they are closely monitoring for potential adverse effects.
Microsoft recently identified RansomHub as a dominant player in the ransomware sphere, noting that this malware variant has become widely deployed by financially driven cyber actors like Manatee Tempest and Storm-1874. RansomHub’s attacks mirror the tactics of groups like LockBit, which disrupted another major Mexican airport last year.
OMA’s social media updates confirm that the attack, while contained, is still affecting services across its airports. With flight information screens down, passengers are advised to arrive early and follow updates from local airlines for accurate information.
This incident highlights the heightened risk to critical infrastructure, with airports, especially those in Mexico, facing an increasing number of cyber threats as ransomware groups expand operations globally.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
