
Passengers of cancelled Aeroflot flights can expect a full refund of the money spent on tickets, as well as payment of insurance against non-departure if they purchased it, lawyers told Izvestia. But the probability of compensation for moral damage (if the vacation was ruined) will depend on whether the court considers the situation to be force majeure. On July 28, more than 80 paired Aeroflot flights were delayed and 54 cancelled. The reason was a malfunction in the company's information system as a result of a hacker attack, the Prosecutor General's Office said. Air carriers have not previously encountered a cyberattack of this scale, and a full restoration of systems may take about a year, experts noted. What passengers affected by flight cancellations and delays should do is covered in this Izvestia article.

What happened at Sheremetyevo

Since Monday morning, July 28, the departure and arrival board at Sheremetyevo International Airport has been red due to cancelled flights. Dozens of Aeroflot flights that day were postponed to other dates or completely canceled due to a glitch in the information system.

People were unable to fly to Bodrum, Antalya, Sochi, Istanbul, Volgograd, Astrakhan, Hurghada, Dubai, Tyumen, Perm and several dozen other cities in Russia and abroad. According to the Ministry of Transport and the airline itself, 54 paired flights were canceled. More than 80 took off late, the Prosecutor General's Office said.

Departure board
Photo: IZVESTIA/Dmitry Korotaev

The global failure in the Aeroflot information system was the result of a hacker attack, the supervisory authority also said. A criminal case has been opened on illegal access to computer information.

Passengers of the cancelled flights were promised a refund. In addition, they can reissue tickets for available seats on a similar flight within ten days after the IT systems are restored. However, tickets cannot be changed at the airport, and refunds are issued "in the ticket purchase channel".

Passengers on connecting flights were promised that a seat would be automatically selected for them on the next flight with free seats. The same opportunity will be available to the participants of the flight, children who are flying unaccompanied by their parents, as well as passengers with disabilities.

Due to the large number of passengers, there were not enough seats in Sheremetyevo's waiting rooms. People were sitting on the escalator steps, and long lines formed at the departure gates.

"All the people are standing, waiting, crowding, it's not clear yet whether we will leave today or not," Danila Sadovsky, a passenger on the delayed Moscow—Kaliningrad flight, told Izvestia on Monday morning.

Airport
Photo: IZVESTIA/Sergey Lantyukhov

Another passenger, Ekaterina Vologodskaya, said that on July 28, she and her children were supposed to fly to Moscow from Sochi on vacation. However, half an hour before departure, her husband received a text message saying that the flight was canceled.

"We arrived at the airport, and there was no information; no one came out to us or explained anything," she said. "We're standing here and we don't understand what's going on. We are in a state of prostration."

Mikhail flew with his family on vacation to Kaliningrad. The flight was supposed to take place at 10:00, but it was canceled.

"We rented a hotel, planned excursions, and wanted to swim in the sea," he told Izvestia. "Now we have the whole recreation scheme in flight. Very unpleasant."

Sheremetyevo passenger Yulia Odidenko flew to Moscow from St. Petersburg. She was supposed to have a connecting flight at Sheremetyevo. She was on her way to Nizhnekamsk on a business trip.

Airport
Photo: IZVESTIA/Dmitry Korotaev

"The cancellation is critical, as we were supposed to start work tomorrow," she said.

Later that day, the Ministry of Transport and the Federal Air Transport Agency, together with Aeroflot, organized the transfer of some passengers to flights operated by Rossiya and Pobeda airlines.

"Aeroflot also flexibly uses its own cargo capacities to minimize difficulties with the implementation of the flight plan. Other Russian airlines operate flights on schedule, and all airports in the country accept and send flights," the Federal Air Transport Agency said.

What can passengers expect?

According to the rules of carriage, the cancellation of the flight obliges the airline to fully refund the passenger the money spent on the purchase of the ticket, Aleksan Mkrtchyan, Vice President of the Alliance of Travel Agencies (ATA), told Izvestia. The refund amount must be no more or less than the actual costs incurred.

If the flight is postponed, the airline is obliged to provide the passenger with accommodation and three meals a day until departure. But for an airline, such a scenario is much more expensive than a simple refund, Aleksan Mkrtchyan noted.

Water at the airport
Photo: IZVESTIA/Dmitry Korotaev

"You have to understand that in its entire history, Aeroflot has never faced such challenges," the expert said, referring to the number of cancelled and rescheduled flights in a short period of time.

An organized tourist, that is, one who has bought a tour, must be delivered to the destination by the tour operator at the operator's own expense. A tourist who set out on a trip independently will have to find the money to quickly buy a new ticket on his own.

"Hacker attacks on airline websites and the introduction of a "Carpet" plan [a mode in which the airspace over a certain territory is completely closed. Izvestia] have become a sign of the times," said Aleksan Mkrtchyan. "During such a period, I would not advise tourists to travel anywhere on their own, especially abroad."

Lawyers interviewed by Izvestia agreed that those most likely to receive compensation for damage are citizens who took out insurance against non-departure. The rest only have a real chance of getting a refund or a replacement ticket.

Money
Photo: IZVESTIA/Eduard Kornienko

The law "On the Basics of Tourist Activity" gives tourists the right to demand from the tour operator a proportionate reduction in the price of the tour, added Elena Yakusheva, partner at the law firm Pleshakov, Ushkalov and Partners. As for compensation for flight cancellations, in practice, passengers were able to recover it from carriers.

"The courts awarded sums of 10-100 thousand rubles," the lawyer said. "At the same time, the presence of class actions is also possible if the failure affected a significant number of consumers and was caused by a common cause. Now passengers need to record losses and file claims directly with the airline, and in the absence of satisfaction, with Rospotrebnadzor or the court."

Will the situation be recognized as force majeure?

The possibility of compensation for moral damage in court depends on whether the situation is recognized as force majeure, the experts explained. According to the rules of carriage, force majeure does not depend on the actions or omissions of the carrier. A flood, fire, or other natural disaster can be recognized as such, and, in current conditions, so can a Carpet plan.

"In the situation with Aeroflot, the airline and insurers will clearly insist on force majeure," Aleksan Mkrtchyan believes. "However, tourists and their lawyers may insist that Aeroflot's IT specialists did not ensure proper protection of the airline's servers. And this is not force majeure, but the human factor and the responsibility of the carrier."

Judge's gavel
Photo: IZVESTIA/Anna Selina

In order for this incident to be recognized as force majeure, Aeroflot's lawyers will have to prove that the company's cybersecurity structures took all possible measures to prevent the attack, said Ilya Drozdov, a lawyer at the Moscow Bar Association Union of Lawyers.

If the court finds that the airline could and should have prevented vulnerabilities in the system, then it will not be able to invoke force majeure, Elena Yakusheva said.

Under Article 401 of the Civil Code of the Russian Federation, a technical failure in the airline's systems is usually not recognized as force majeure, since it does not meet the criteria of being extraordinary and unavoidable, Alina Laktionova, head of the private client practice at Mitra Law Firm, told Izvestia. According to her, the air carrier must provide for the risks of technical failures and have mechanisms to prevent and eliminate them.

"But in this case, we are dealing not just with a glitch, but with a hacker attack of the highest level," the lawyer said. "And this is a crime that the company could not have foreseen."

Aleksan Mkrtchyan does not rule out that insurance companies may also refuse to pay compensation to passengers. However, this will affect only a few: according to statistics, less than 20% of passengers buy insurance against non-departure. The remaining 80% do not want to overpay for tickets.

How long will it take to restore the system?

The initial restoration of the Aeroflot information system, which was breached by hackers, could take up to a week, provided that the attackers did not get to the backups, cybersecurity companies interviewed by Izvestia said.

Hacker at work
Photo: IZVESTIA/Sergey Konkov

But the hackers probably destroyed some of the company's virtual servers, including databases, says Ashot Oganesyan, founder of the DLBI data leak intelligence and monitoring service.

"Now it all depends on whether they got to the backups. If there are backups, it will take from one or two days to a week to recover," he said. "Otherwise, it will take months."

Igor Bederov, Director of the T.Hunter Cyber Research Department, estimated the recovery time for Aeroflot's public systems to be one and a half to two months, if backups of the lost information were preserved.

"If you neglect the restoration of archives and focus only on current flights, you can meet the specified deadlines," he believes.

On average, recovery from a large-scale cyberattack takes from several weeks to six months, said Alexey Kozlov, a leading analyst at Speakatel's information security monitoring department. Restoring critical systems takes one to two months; the rest of the time goes to setting up protection, auditing, reviewing processes and regaining customer trust.

"Full stabilization can take up to a year if the infrastructure is destroyed and backups are unavailable," the expert believes.

Keyboard
Photo: IZVESTIA/Eduard Kornienko

To restore the system completely, it will need to be rebuilt from scratch from media known to be secure and free of vulnerabilities, said Alexander Dmitriev, CEO of Neuroinform.

"The first restoration of working capacity will be carried out fairly quickly, literally in a few days, but then there will be systematic, painstaking work to check everything and create a secure infrastructure," he said. "Given the huge number of servers and working computers of Aeroflot, I think that the real recovery time may take up to a year."

The hacker groups Silent Crow and Cyber Partisans claimed responsibility for the failure. They allegedly stayed inside Aeroflot's IT infrastructure for about a year and, according to them, destroyed about 7 thousand servers.

Izvestia reference

The first information about the Silent Crow group appeared at the end of last year. All of its attacks targeted Russian resources and were quite large-scale. At the same time, the hackers were not observed engaging in extortion or commercializing stolen information. They claimed to have hacked Rosreestr, AlfaStrakhovanie-Life, Kia Russia and the CIS, Alfa‑Bank's Customer Club, the Unified Medical Information and Analytical System (EMIAS) and a number of others.

Cyber Partisans is a Belarusian hacker group that claimed to have hacked the Belarusian government infrastructure: the traffic police, the Ministry of Internal Affairs, the automated information system Passport, the Belarusian Railway, and the state news agency BelTA.

Delays and cancellations of dozens of Aeroflot flights indicate a large-scale impact, Alexey Kozlov noted. Ashot Oganesyan gave the same assessment of the situation.

Airport
Photo: IZVESTIA/Dmitry Korotaev

"If hackers have indeed been present in the infrastructure for more than a year, there is a possibility that backups are infected with backdoors [a defect in the algorithm that is intentionally embedded in it by an attacker and allows unauthorized access. Izvestia], which can be used in repeated attacks," he said.

What vulnerabilities do hackers look for in large companies?

Experts interviewed by Izvestia on condition of anonymity noted that attackers can go unnoticed for a long time if the company has no security operations center (SOC), or if the one it has does not operate to the required extent. A SOC is a specialized unit responsible for monitoring, detecting, analyzing and responding to cyber incidents.

"Attackers can go unnoticed for a long time if such a center is minimal or not enough budget is allocated for it," the specialist said. "Although in the case of Aeroflot, it is difficult to assume this, since it is a strategic company with critical information infrastructure facilities. But a year is too long to find nothing."

Cyberattack
Photo: Global Look Press/Julian Stratenschulte

Alexey Kozlov believes that one of the possible reasons for the situation is insufficient access control and organization of internal security.

"We need regular audits, user behavior control, multi-factor authentication, monitoring of privileged actions, restriction of rights, and real-time command analysis," he said.

According to him, hacker groups prepare attacks for months and even years, involving top experts who use the full range of techniques: from phishing and vulnerability exploitation to insiders.

Information security specialists need not only to know about any illegitimate activity, but also to record any new, previously uncharacteristic behavior of anyone or anything on the network, said Mikhail Khlebunov, director of products at cybersecurity company Servicepipe.

"Most often, such attacks begin with a network scan. And it is possible to resist such targeted attacks using traffic analysis solutions capable of deeply analyzing the network, as well as solutions to protect against bot attacks in order to cut off any malicious automation," he explained.

Tickets
Photo: IZVESTIA/Dmitry Korotaev

Airlines, transport, and tourism are among the key targets for hacker attacks in Russia in the summer, when demand for these services is at its highest, said Artem Artamonov, a leading pre-sale engineer at StormWall.

"The groups that take responsibility in such cases often rely not so much on technological damage as on reputational damage. Therefore, in addition to the technical response, it is important to have a communication plan with customers and partners in order to reduce the negative effect. Fortunately, the airline is openly stating the problems that have arisen, which means it has such a plan," he said.

Now is the time for new challenges, so it is necessary to combine import substitution with a high level of cyber protection, said Vasily Stepanenko, CEO of Nubes cloud provider.

Translated by the Yandex Translate service
