Attackers Target Croatia’s Airport Systems, Demand Ransom from Authorities
Croatian officials have reported that St Jeronim Airport in the popular coastal city of Split, Croatia was hit by a major cyberattack on Monday evening. The cyberattack targeted the airport’s IT systems, causing technical difficulties and disruption to flight operations.
According to Airport manager Pero Bilas and Transport Minister Oleg Butkovic, the airport’s IT network experienced problems starting around 7:30pm local time on July 23rd, 2024. The technical issues affected the airport’s digital systems, resulting in an unspecified number of flights being cancelled or delayed. Passengers were forced to stay overnight at the airport as their departing flights were disrupted by the cyber incident.
Butkovic stated that the airport was definitely hit by a well-organized cyberattack, revealing that the hackers behind the incident had contacted authorities seeking to negotiate. However, Croatian officials refused to engage with the criminals. In response, cybersecurity experts were brought in to work intensively on resolving the technical issues and restoring normal airport operations.
On July 24th, Interior Minister Davor Bozinovic identified the attackers as an international criminal group with ties to Russian ransomware operations. Bozinovic said the hackers used typical ransomware tactics, encrypting systems and demanding payment to decrypt them. Through cooperation with foreign law enforcement partners, the attackers were geolocated to an area in Eurasia.
Local IT security experts linked the cyber incident to the Conti ransomware group, a notorious Russia-based cybercrime syndicate. Conti is known for leveraging ransomware to target organizations and Infrastructure across Europe and demanding large ransom payments paid in cryptocurrency.
By the afternoon of July 24th, airport authorities reported there were no major flight delays remaining as systems were being managed manually in the aftermath. The St Jeronim Airport is the busiest in Croatia during summer season, handling over 3.5 million passengers in 2021, most of whom were tourists visiting the scenic Dalmatian Coast region.
The airport cyberattack comes just days after global IT outages caused by a CrowdStrike software update, highlighting the vulnerability of digital infrastructure to cyber threats. Croatian officials vowed to investigate the incident and work with international law enforcement to identify and prosecute the cybercriminals responsible for the ransomware attack on Split Airport.
Effect on Passengers and Summer Tourism Season in Croatia
Local media reported that an unknown number of passengers were stranded at Split Airport overnight on July 23rd as their flights were cancelled or delayed by several hours due to the cyberattack’s impact on airport systems. Passengers described confusion and congestion as staff could only provide limited information and had to process flights manually.
The timing of the attack could not have been worse as it occurred during the peak summer tourism season in Croatia, which is heavily reliant on tourist visits and airport travel. Croatia received over 20 million foreign tourists in 2021 and earns over $10 billion annually from the industry. Any flight disruptions put strain on the local tourism economy.
Airport manager Pero Bilas stated that officials were working closely with airlines to find alternative arrangements for affected passengers. Some travelers had to be rebooked on different flights through other regional airports. Bilas assured that the airport was making every effort possible to minimize further travel disruptions and return to normal operations as systems were recovered from the cyberattack.
The ransomware incident demonstrated the vulnerability of digital systems supporting Croatia’s critical tourism infrastructure. Authorities face an ongoing challenge to strengthen cybersecurity defenses against sophisticated international cybercrime groups regularly targeting such sectors with ransomware for profit. Until the cyber threat evolves, similar attacks on other European tourism and transport networks remain a serious risk.