Biman Bangladesh Airlines has reportedly been facing delays in the disbursement of salaries to its employees reportedly due to the cyber attack on the national carrier's email servers in March this year.
Sources from the airline claimed they have been unable to fully recover the email server even though a month and a half has passed since the attack. On condition of anonymity, a Biman employee said he had not been paid on time in the last two months.
However, the Biman authorities have denied media reports on the attack, saying they are baseless or grossly exaggerated.
Biman Joint Secretary Siddiqur Rahman, who has been serving as acting managing director and CEO while Shafiul Azim is in London, told Dhaka Tribune: "Everyone got payment but there was a bit of delay. we are operating everything using a backup server."
Digital Security Agency and Civil Aviation Ministry insiders furnished Dhaka Tribune with documents that suggested the hackers demanded $5 million in ransom for restoring Biman's access to its email servers.
Recently , Biman MD and CEO Shafiul Azim said: “There was no disruption in the operations or operational work of Biman. Our activities are going on as usual.
Wishing anonymity, officials at administration & HR Directorate of the airlines said that they used to receive salaries on the first two days of every month, but did not receive salaries for March and April on time due to the accounts server being down.
Along with the cyber attack on March 17, the hackers had sent a message that read “Hello” and had a yellow, parallelogram-shaped logo using the unique malware “Zero Day Attack.”
The next day, the hackers demanded $5m in ransom by March 20.
On March 21, they sent another message threatening to publish 100GB personal and confidential data unless the ransom was paid by the deadline.
The hackers have reportedly threatened to publish flight, passport, and other information of passengers and Biman employees on an online blog if they did not receive the ransom.
On March 22, people claiming to be the hackers sent a message to Biman that reads: “You say in the media that no information has been leaked. But you are wrong.”
The government declared 29 organizations, including Biman, as “critical information infrastructure” under the Digital Security Act in October 2022.