The Seattle-Tacoma International Airport is facing a demand of $6 million in bitcoin from hackers who stole documents during a recent cyberattack. The Port of Seattle, which operates the airport, has chosen not to pay the ransom. The attack has been linked to a ransomware gang called Rhysida, and the FBI is now conducting a criminal investigation. Despite the attack being stopped, the hackers were able to encrypt some data and are now demanding payment in exchange for not releasing the stolen documents. The airport is in the process of reaching out to individuals whose personal information may have been compromised.
Paying the ransom would not be a wise use of taxpayer money, according to port officials. The airport is still recovering from the effects of the cyberattack, which occurred just days before the Labor Day holiday weekend. Although flights were able to continue operating, the attack disrupted ticketing, check-in kiosks, and baggage handling systems. Passengers on smaller airlines were forced to use paper boarding passes as a result of the attack. The mayor of Columbus, Ohio, previously attributed a data breach in the city to the Rhysida ransomware gang, although the city did not receive a ransom demand.
The airport’s managing director of aviation, Lance Lyttle, informed a U.S. Senate committee about the situation, stating that the hackers had posted eight stolen files on the dark web and were asking for 100 bitcoin in return for the data. The contents of the documents have not been disclosed by Lyttle. It is unclear how the stolen data may impact operations at the airport or the security of individuals affected by the breach. The decision not to pay the ransom reflects a stance against giving in to cybercriminal demands, despite the potential consequences for the airport’s operations and reputation.
The FBI’s involvement in the criminal investigation indicates the severity of the cyberattack and the importance of tracking down the perpetrators. It is crucial for airports and other critical infrastructure operators to strengthen their cybersecurity measures to prevent future attacks. The incident serves as a reminder of the constant threat posed by cybercriminals and the need for organizations to remain vigilant against such threats. As the port and airport continue to address the aftermath of the attack, efforts to enhance cybersecurity protocols and protect sensitive data will be a top priority in ensuring the safety and security of operations moving forward.
