The Port of Seattle recently experienced a cyberattack on August 24th, which impacted various operations, including Seattle-Tacoma International Airport. The attack was carried out by the criminal organization Rhysida, known for targeting institutions such as hospitals and government organizations. The Port refused to pay the ransom demanded by Rhysida, leading to the potential risk of some data being posted online. The Port is currently investigating what data was obtained by the actor and is committed to notifying potentially impacted stakeholders, especially if employee or passenger personal information was compromised.
As a result of the attack, critical systems had to be isolated, causing an outage that shut down WiFi at the airport and disrupted baggage services and flight information screens inside the terminal. Airport workers had to use manual methods to continue operations, such as writing flight numbers on paper and creating handwritten boarding passes and bag tags. While the travel experience at Sea-Tac Airport is now back to normal, services like the airport and Port’s websites are still down, impacting operations such as the lost and found and visitor pass program. Some maritime operations managed by the Port of Seattle are still recovering from the attack.
The Port of Seattle has stated that they have no intention of paying the perpetrators behind the cyberattack, as it goes against their values as a good steward of taxpayer dollars. Paying the ransom would not reflect the Port’s commitment to responsible financial management. The Port has also taken this incident as a catalyst to implement technical changes that were already in the works, accelerating the process. The statement was made by Steve Metruck, the executive director of the Port of Seattle.
Ransomware attacks on critical infrastructure and public entities, such as schools, are becoming increasingly common. These attacks are often carried out by criminal enterprises or nation-states, with the intention of making data inaccessible or threatening to leak it unless a ransom is paid. The data obtained from these attacks can be sold on the dark web for profit. Recent high-profile ransomware attacks have affected various organizations, including auction house Christie’s, healthcare systems, and Seattle’s Fred Hutchinson Cancer Center. Highline Public Schools, located south of Seattle, even had to cancel classes for three days due to a cyberattack.
The Port of Seattle reassures that no unauthorized activity has been identified since the initial breach. However, the impact of the attack on enterprise applications essential to business functions, such as accounts payable services and contract management, has been significant. While many services have been restored with temporary solutions, some key systems remain offline. The cybersecurity incident at the Port of Seattle has shed light on the need for increased protection of critical infrastructure and public entities against cyber threats. Organizations are urged to strengthen their cybersecurity measures to prevent such attacks in the future.
