The airline has asked Ireland's Criminal Assets Bureau to work with its counterparts in Asia to trace and recover the funds.
"Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week," the airline told the Irish Times in a statement. "The airline has been working with its banks and the relevant authorities and understands that the funds -- less than $5 million -- have now been frozen."
"The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur," Ryanair added. "As this matter is subject to legal proceedings, no further comment will be made."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
It's not clear at this point how the hackers managed to initiate the transfer, though the Irish Times reports that the funds stolen appear to have been intended for fuel purchases for Ryanair's several hundred Boeing 737-800 aircraft.
Still, as Sophos' Paul Ducklin wrote in a recent blog post, it's highly unlikely that the thieves will be able to cash out the stolen funds, since withdrawing a significant amount of cash usually has to be done in person.
"The best place to get wedges of cash without being asked any questions face-to-face is an ATM, where all you need is a valid bank card and a short password in the form of a PIN (personal identification number)," Ducklin wrote. "But most ATMs have a limit imposed on how much you can take out in each transaction, if not for security reasons, at least to ensure that some money gets left behind for the next guy."
Still, Ducklin noted, there are exceptions -- in December 2012, cybercriminals used prepaid debit cards to steal approximately $9 million from ATMs, and in August 2011, a similar theft using 22 prepaid debit cards netted thieves approximately $13 million.
Regardless, the Ryanair theft is yet another reminder of the importance of effective and efficient incident detection. As Absolute Software vice president of product management Ryan St. Hilaire advised in a recent eSecurity Planet article, "Reduce the attack surface by monitoring your environment regularly so you can easily detect anomalies. Cyber threats evolve constantly, so ensure you conduct regular security audits to identify the vulnerabilities with your network, your endpoints and your employee policies."
"If you don’t know your weak spots, you can’t properly predict where hackers can gain entry," St. Hilaire added.