Biman Bangladesh employees facing 'salary delays' due to cyber attack: Reports
Dhaka: Biman Bangladesh Airlines, which is the national carrier of the country, is currently facing delays in the disbursement of salaries to its employees due to an alleged cyber attack on the national carrier's email servers in March this year, media reports said.
Sources from the airline told Dhaka Tribune they have been unable to fully recover the email server even though a month and a half has passed since the attack.
On condition of anonymity, a Biman employee told the newspaper that he had not been paid on time in the last two months.
However, Biman Bangladesh has denied the media reports on the alleged attacks.
Biman Joint Secretary Siddiqur Rahman, who has been serving as acting managing director and CEO while Shafiul Azim is in London, told Dhaka Tribune: "Everyone got payment but there was a bit of delay. We are operating everything using a backup server."
Digital Security Agency and Civil Aviation Ministry insiders furnished Dhaka Tribune with documents that suggested the hackers demanded $5 million in ransom for restoring Biman's access to its email servers.
Recently , Biman MD and CEO Shafiul Azim said: “There was no disruption in the operations or operational work of Biman. Our activities are going on as usual.
Wishing anonymity, officials at administration & HR Directorate of the airlines said that they used to receive salaries on the first two days of every month, but did not receive salaries for March and April on time due to the accounts server being down, reports Dhaka Tribune.
Along with the cyber attack on March 17, the hackers had sent a message that read “Hello” and had a yellow, parallelogram-shaped logo using the unique malware “Zero Day Attack.”
The next day, the hackers demanded $5m in ransom by March 20.
On March 21, they sent another message threatening to publish 100GB personal and confidential data unless the ransom was paid by the deadline, the newspaper reported.
The hackers have reportedly threatened to publish flight, passport, and other information of passengers and Biman employees on an online blog if they did not receive the ransom.
Interestingly, the Bangladesh government declared 29 organizations, including Biman, as “critical information infrastructure” under the Digital Security Act in October 2022.