Grupo Aeroportuario del Centro Norte (OMA) reports ransomware attack

The ransomware group RansomHub has claimed the attack on Mexico’s Grupo Aeroportuario del Centro Norte (OMA), claiming theft of over 3 terabytes of confidential data from the company.

The Grupo Aeroportuario del Centro Norte (OMA) is a major Mexican airport operator responsible for managing 13 airports across central and northern Mexico, including Monterrey International Airport, one of the country’s busiest.

According to RansomHub, this data includes evidence of alleged collaboration between OMA employees and criminal cartels in Mexico. The group has set a deadline of November 2, 2024, for OMA to meet its demands for payment, warning that if OMA does not comply, they will publicly release the stolen information, which includes financial documents and internal communications.

OMA has acknowledged the cyberattack on October 18, 2024 and claims to have managed to restore operations without paying a ransom.

 RansomHub claims to have accessed:

• Financial and accounting details
• Evaluations and confidential agreements
• Internal communications with cybersecurity firms (Hold Security, HSTechnology)
• Critical databases and internal emails

RansomHub is also threatening to release OMA’s data to competitors and financial entities such as BlackRock if payment is not made.