The Allied Pilots Association (APA) says it has made progress in restoring its systems after falling victim to a file-encrypting ransomware attack last week.
The incident, the American Airlines pilot union says, occurred on October 30 and resulted in certain systems being encrypted.
“Our IT team, with the support of outside experts, continues to work nonstop to restore our systems. We are pleased to report that our restoration efforts are progressing, and we will soon be able to begin to bring back some of our online services,” the organization said in a November 2 incident notification.
The restoration efforts, APA said, would focus on pilot-facing products and tools, with full operations expected to be restored later.
Over the weekend, the organization announced that it had restored most functionality, including access to the alliedpilots.org website. However, it also reset all passwords on the website, informing users that they would need to select new ones when attempting to access the portal.
In a social media post on Saturday, the union said it expects all systems to be restored to full functionality within days.
“Concurrent with our restoration efforts, we launched an investigation, under the guidance of third-party cybersecurity experts, to determine the scope of this incident,” the organization announced.
While it revealed that ransomware was used in the attack, APA has shared no details on the type of ransomware used and whether user data was exfiltrated during the incident, but promised that more details will be shared as its investigation progresses.
Founded in 1963 and headquartered in Fort Worth, Texas, APA is an independent pilots’ union, providing various representation services to the 15,000 professional pilots who fly for American Airlines.
In June, American Airlines announced that the data of more than 5,000 individuals was compromised in a data breach at pilot recruitment application managing portal Pilot Credentials.
Related: Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware
Related: Authorities Shut Down RagnarLocker Ransomware Infrastructure
Related: CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware