RansomHub Grounds Mexican Airports, Demands Ransom

The hacker group RansomHub has claimed responsibility for a cyberattack on the operator of 13 airports in Mexico. Grupo Aeroportuario del Centro Norte (OMA), which oversees airports in the central and northern regions of the country, including major cities, stated that its IT specialists had to switch to backup systems to maintain operations. According to the company, its airports have served over 19 million passengers since the start of the year.

RansomHub has threatened to release 3 terabytes of stolen data unless a ransom is paid. Currently, OMA’s IT team is collaborating with cybersecurity experts to investigate the incident and secure its systems.

OMA has alerted passengers about temporary inconveniences. Flight information screens are currently out of service, but staff members are assisting passengers in locating the necessary terminals. Additionally, QR codes have been placed throughout the airports to help passengers find their boarding gates.

The first report of the incident came on October 15, when OMA’s airport screens went offline. Microsoft also noted that RansomHub remains one of the most active groups in the ransomware market.

In 2024, the number of active ransomware groups surged by 30%, as confirmed by the annual report from Secureworks published on October 8. The report highlights that 31 new groups have emerged in the cyber threat landscape over the past 12 months.

Recently, RansomHub executed a successful cyberattack on Delaware’s public library network, demanding a $1 million ransom. The attack impacted all 35 branches under Delaware Libraries’ management, causing disruptions across its IT infrastructure. Computer labs were closed throughout the state, and several libraries warned visitors about potential outages affecting internet access, telephones, and other services. For instance, the Georgetown Library has advised patrons to call ahead, as printing, internet access, and computer use remain unavailable.