India’s Second Largest Carrier Hit by Ransomware Attack

  • A ransomware attack on SpiceJet, India’s second largest carrier, took its internal systems offline, causing multiple flight delays of several hours and stranding a large number of passengers at the airport.
  • This cyber-attack on SpiceJet’s operational systems directly affected numerous passengers flying to India and overseas countries, and the hours of delay will translate into significant financial losses.
  • This is another recent cyber-attack affecting flight operations, following the cyber-attack on veteran Canadian airline Sunwing Airlines in April, which caused severe flight delays for nearly a week and left a large number of passengers stranded at the airport for many days.

Indian airline SpiceJet said that its systems were affected by a “ransomware attack” on Tuesday (May 24), which has delayed several flights and left a large number of passengers stranded at the airport.

Only the home page of SpiceJet’s website can be accessed normally, but most of the underlying systems and pages are not loading.

However, the flight status table is still showing normally, and a large number of flights have been delayed, ranging from two to five hours.


Officials claim to have solved the problem, but a large number of passengers are still stuck at the airport

Several flights were still delayed on May 25 and passengers were grumbling about the lack of service.

A large number of passengers tweeted photos and videos complaining that they had been waiting for hours after boarding, but there was no response from SpiceJet.

SpiceJet later noted in a statement that the problem had been resolved.

In the tweet, the company wrote, “Our IT team took control and resolved the current issue and flight operations are now back to normal.”

But just after the tweet, a number of passengers took to social media to say they were still stuck at airports around the world and had been waiting for hours with unbearable hunger and thirst, during which ground staff did little to communicate.

One of the passengers, Mudit Shejwar, mentioned on Twitter that his flight to Dharamsala town had been delayed for more than three hours.

“We’ve been on board for 80 minutes and still no takeoff. The only news conveyed by the flight crew is that there is a server down, plus there are problems with the paperwork related to fuel. Is this really the case?”


Other passengers tweeted @SpiceJet asking them for information on the status of their flight. Others complained that “the ground crew at the gate is nowhere to be found”.

Others mentioned that operations had not resumed and that the staff themselves were unaware of the situation.

One passenger wrote in a tweet, “We have old people and kids on our side, and everyone is stuck without food or water. No one on the hatch side and can’t get any new information.” Other passengers complained that they could not reach the airline’s customer service line.

A passenger at the eastern West Bengal airport also sent a photo of his wife with a broken foot, again referring to their flight being delayed for hours.

SpiceJet is having operational problems and is experiencing serious financial difficulties

According to publicly available data, SpiceJet is the second largest airline in India, operating a total fleet of 102 aircraft with flights to more than 60 destinations. SpiceJet employs over 14,000 people and has a domestic market share of approximately 15% in India.

Therefore, this cyber attack on SpiceJet’s operational system directly affects many passengers flying to India and overseas countries. A few hours of delay will translate into huge financial losses.

In January 2020, SpiceJet had confirmed a data breach. One of the company’s poorly protected servers was accessed by unauthorized individuals and a database backup file was accidentally leaked.


The backup file contained the unencrypted information of 1.2 million passengers who had used SpiceJet’s services in the past month, including passengers’ full names, flight information, phone numbers, email addresses and dates of birth.

Since 2020, the Airports Authority of India, which manages airports across India, has explicitly placed SpiceJet in a “pay-as-you-go” mode, meaning that the company’s credit status has been revoked on the grounds that SpiceJet simply cannot afford to settle airport usage fees.

In 2023, SpiceJet experienced severe financial difficulties as a result of the New Crown Anti-Epidemic Policy. As a direct result of the epidemic, the fleet was grounded and annual revenues plummeted by 28%, which in turn threatened the sustainable operation of the company’s business.

Not surprisingly, the poor financial situation naturally squeezed the investment budget for cyber security and incident response as well. The malicious hackers in this attack may have seen the right time to take a decisive shot at SpiceJet.

Vinchin enterprise backup solution can effectively respond to the actual emergency situation, and can quickly complete data recovery after a ransomware attack to achieve effective data backup, and use the instantaneous recovery function to quickly pull up the system at critical moments to prevent the school system from being paralyzed due to the ransomware attack. Whether it is prevention beforehand, or afterwards with decryption tools, or spend money to buy unlocking keys, compared to these, the use of a suitable backup solution is more secure and reliable, such as VMware Backup, Hyper-V Backup, Xenserver Backup and so on.


Vinchin backup solutions have been successfully deployed and delivered in 60+ countries and widely used in 20+ industries such as governments, telecommunications, health care, education, finance, IT services, manufacture, military industry, etc. from SMBs to large-scale enterprises and state-owned enterprises.

With Vinchin Backup & Recovery, robust VMware protection can be simply achieved, no matter it’s for a standalone ESXi host or vCenter-managed cluster environment or even vSAN.

Through the #1 easy-to-manage B/S architecture web console, a few minutes will be all it takes to get ready and start to back up your VMware VMs with most advanced backup and recovery strategies. Your critical workloads on VMware can be protected right away.

Click to know more about Vinchin.