CLEVELAND — In a news conference Monday, city and airport officials confirmed ransomware infected portions of Cleveland Hopkins International Airport's baggage and flight screens and its email system.
For nearly a week, the screens at the airport went dark and the email systems were down. City officials downplayed the malfunctions early on, saying Monday in a statement, “Cleveland Hopkins International Airport is experiencing technical issues which are impacting a small number of systems. Email is temporarily down as well as in-airport flight and baggage information screens. All other systems are functioning as normal and there are no impacts to flights or safety and security operations.”
It wasn't until Friday that city officials confirmed malware had infected the airport's computer system, while still maintaining that they were "not hacked and no ransom demands were made."
What we know:
FBI Agent Bryan P. Smith, who oversees cybersecurity for the FBI’s Cleveland Division, confirmed that the investigation revealed ransomware was in fact on the network. Because the issue remains under investigation, he said he couldn’t provide many details.
“There were no safety issues at the airport. The FBI was notified on Sunday about the incident and our office provided some guidance to the staff and how to deal with it,” Smith said. “We have a dedicated team of cyber experts that is familiar with the malware affected in the Hopkins system.”
"We confirmed ransomware is on this system," Smith said.
Officials blamed malware and not hacking for the technical issues, but experts News 5 spoke to said there isn't much of a difference between malware and hacking.
Hacking is defined as someone gaining unauthorized access to data in a system or computer; it can usually be described as a program appearing on someone's computer that they didn't ask for. Malware is defined as software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Ransomware is a specific type of malware that encrypts files on any system.
Director of Port Authority for the City of Cleveland Robert Kennedy said they determined Sunday there was something in the system that should not have been there.
"On Sunday, we noticed anomalies on the screen, so we called in our IT group, which started their investigation. At that investigation, they determined that there was something that shouldn't be there," Kennedy said.
The city didn’t acknowledge that malware infected the system until Friday, nearly a week after officials noticed technical issues affecting the airport. Officials said Friday the systems were not accessed by any unauthorized personnel, and were therefore not hacked, and there were no ransom demands.
News 5 repeatedly asked airport officials throughout the week if the technical issues were the result of a hack or some kind of malicious intrusion into the airport’s systems.
At one point during Monday's news conference, the city blamed New Zealand’s version of Memorial Day as one of the reasons it took so long to resolve the technical issues at Cleveland Hopkins International Airport.
What remains unanswered
During the press conference, there was a discussion on whether updates were given to the media in a timely manner. City and airport officials didn't confirm until almost a week after they noticed something was wrong that malware had infected the airport's computer system.
"We did not lie to the media, now we may not have given you what you wanted to hear because we couldn't share what we don't have... We tried to clarify misinformation. There were a lot of rumors out there. We sent daily updates on a situation that we didn’t know much about," said Valarie McCall, Chief of Communications, Government & International Affairs for the City of Cleveland.
McCall appeared to deflect questions from reporters who felt they were misled and not given updated information throughout the week the airport was experiencing technical issues.
Even though ransomware was detected, neither the city nor the FBI could specify whether ransom demands were made or confirm how much the ransom demand was for, since the files were encrypted.
"As the city started unfolding this, our files were encrypted. If there was a ransom at that point, we did not know of a ransom nor would we explore or investigate paying a ransom. We come to learn during our briefing that the malware would have been a request for ransom; however, it’s not something we will pursue," Kennedy said.