The Port of Seattle recently experienced a ransomware attack by the group Rhysida, who is demanding 100 bitcoin, or around $6 million, as payment. The group has reportedly posted stolen files on the dark web. The Port of Seattle has refused to pay the ransom, stating that it goes against their values and is not the best use of public funds. However, the decision whether to pay a ransom in cases like this is highly debated and dependent on an organization’s security infrastructure and ability to recover through backups and other means.
The FBI, leading the investigation into the cyberattack, does not support paying a ransom in response to a ransomware attack. Security experts warn that paying a ransom can effectively fund criminal activities and establish a precedent for other attackers. Not paying a ransom can come at a cost, as seen with MGM Resorts incurring over $100 million in lost revenue after refusing to pay a ransom in a similar attack. It is still unclear how the Port of Seattle was hacked and what other data may have been compromised.
Senator Maria Cantwell, chairing the Senate committee focusing on aviation cybersecurity threats, highlighted the increasing number of cyberattacks on the aviation industry. The recent cyberattack on the Port of Seattle led to an outage that disrupted WiFi, baggage services, and flight information screens at Sea-Tac Airport. Cantwell emphasized the importance of taking aviation threats seriously and ensuring that infrastructure is resilient to cyber threats.
The cyberattack at the Port of Seattle affected Senator Cantwell personally as she was trying to catch a flight and couldn’t find information on digital boards at Sea-Tac Airport. The outage did not impact flights or security checkpoints, but services like the airport and Port websites, lost and found, and visitor pass program remain inaccessible. The airport has stated that the travel experience is now back to normal, but efforts are ongoing to further harden cyber defenses and enhance monitoring to prevent future attacks. Rhysida has previously targeted other institutions and hospitals, indicating a pattern of cybercriminal activity by the group.
The investigation into the cyberattack at the Port of Seattle is still ongoing, with the Port identifying several “lessons learned.” Despite having robust cybersecurity systems in place, the attack highlights the need for continued vigilance as cybercriminals evolve their tactics. The incident underscores the vulnerability of critical infrastructure to cyber threats and the importance of taking proactive measures to protect against future attacks. As aviation industry cyberattacks continue to rise, there is a pressing need for improved cybersecurity measures to safeguard infrastructure and maintain the safety and security of air travel.
