The Port of Seattle experienced a cyberattack on August 24th, carried out by a criminal organization known as Rhysida, which is responsible for other cyberattacks on institutions such as the British Library and the City of Columbus, Ohio. The Port refused to pay the ransom demanded by the organization, resulting in data potentially being stolen by the attackers. The Port is currently investigating what data was taken and is committed to notifying those who may be impacted, particularly with regard to employee or passenger personal information. The attack disrupted various operations at Seattle-Tacoma International Airport, including shutting down WiFi, causing delays to baggage services, and impacting flight information displays.
Despite the outage, flights and security checkpoints at Sea-Tac Airport were not affected, and the travel experience has returned to normal. However, the Port’s websites and certain services such as lost and found and visitor pass programs are still inaccessible. Maritime operations managed by the Port of Seattle are also still in recovery mode, with key systems remaining offline. The Port has not identified any unauthorized activity since the initial breach but is continuing to work on restoring essential services for business functions.
Ransomware attacks on critical infrastructure and public entities are becoming increasingly common, with criminals and even nation-states often behind such attacks. These attacks involve hackers exploiting vulnerabilities to make data inaccessible, threatening to leak it, and demanding high payments in exchange for restoring access. Data stolen in these attacks can be sold on the dark web for profit. The Port of Seattle has made it clear that it will not pay the perpetrators behind the cyberattack on its network, citing a commitment to being good stewards of taxpayer dollars. The executive director of the Port, Steve Metruck, emphasized that paying the ransom would go against the Port’s values.
In response to the cyberattack, the Port of Seattle is implementing technical changes that were already in the works, with some being accelerated due to the crisis. Various other organizations, such as auction house Christie’s, healthcare systems like Ascension and Change Healthcare, and Seattle’s Fred Hutchinson Cancer Center, have also been victims of recent high-profile ransomware attacks. Additionally, Highline Public Schools, a school district south of Seattle, had to cancel classes for three days due to a cyberattack. These incidents highlight the growing threat of cyberattacks on critical infrastructure and the importance of cybersecurity measures to protect sensitive data and operations.