Port of Seattle Confirms August Cyberattack Involving Rhysida Ransomware

The Port of Seattle has confirmed that the Rhysida ransomware group was behind the cyberattack that disrupted its operations on August 24, 2024. The attack forced the Port to shut down critical systems, leading to widespread service outages at Seattle-Tacoma International Airport and its maritime facilities.

The attackers gained unauthorized access and encrypted data within the Port’s systems, causing disruptions to several services, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger information displays, and the Port’s website and mobile app.

Despite the attack’s impact, the Port refused to pay the ransom demanded by the hackers. Executive Director Steve Metruck stated that paying the ransom would go against the Port’s values and commitment to using taxpayer funds responsibly. As a result, the Port has warned that the attackers may release stolen data on their dark web site.

The Port of Seattle is continuing its investigation into the August cyberattack by the Rhysida ransomware group, with indications that data may have been stolen in mid-to-late August. If personal information belonging to employees or passengers is found to be compromised, the Port has pledged to notify those affected.

Efforts to restore systems are ongoing, with most services back online within a week, though the Port’s website and internal portals are still being fully restored. The Port has heightened its cybersecurity measures and is actively monitoring for further unauthorized activity.

Rhysida, a relatively new but active ransomware group, has recently targeted multiple sectors, including healthcare, government, and transportation, and has been linked to notable attacks on the British Library and the Chilean Army.

As the investigation unfolds, the Port is committed to transparency, bolstering its defenses, and sharing insights to help other organizations prevent similar incidents.

Share this post :