"The incident has not impacted airport operations and does not affect daily travel,” said Kim Kuehler. “Upon discovery, the airport’s cybersecurity and technology teams immediately contacted law enforcement and began a comprehensive investigation.
“The airport has taken steps to contain the incident and is confident the risk has been mitigated.”
Airport officials did not immediately respond to questions about the ransomware attack other than to confirm it happened.
Ransomware.live, which monitors ransomware attacks, listed Tulsa International Airport on its list of victims Friday. Cybernews.com reported the ransomware attack on Saturday, identifying the “Russian-linked Qilin group” as the perpetrator of the attack.
The information captured in the attack included an airport executive’s personal contact information, budget and revenue spreadsheets, banking communications and tenant databases, according to Cybernews.com.
Tyler Moore, chair of Cyber Studies at the University of Tulsa, said he learned of the attack Saturday morning from a student who had seen the airport listed on Ransomware.live.
“That website is run by good guys who will track these ransomware groups whenever they make announcements that they have had compromises, and then they publish it. We pull data from that website in my research groups because we are studying ransomware actors.
“It’s a really useful data source for our research, normally.”
Moore said he is not familiar with Cybernews.com but the fact that the website has screenshots of airport records Qilin allegedly captured would be entirely consistent with how such ransomware attacks work.
“Because these gangs … they need to be credible, that is why they post this information, and 99 times out of 100 at least, it is in fact" what they found, Moore said. “They will have compromised this data and then they will look for the stuff that is the most likely to get a response from the victim to pay a ransom.”
Qilin has been around since about 2022, Moore said, and is one of the more active cybercriminal groups operating.
Tulsa International Airport is an independent entity from the city of Tulsa.
In early 2019, a ransomware attack damaged about 40% of the city’s 471 servers and about 20% of the city’s 5,000 desktop and laptop computers. It took nearly a year and at least $2 million to make the necessary repairs and upgrades to get the system fully operational.
© 2026 Tulsa World, Okla. Visit www.tulsaworld.com. Distributed by Tribune Content Agency, LLC.
