The Port of Seattle has confirmed that the Rhysida ransomware gang orchestrated the cyberattack that disrupted its systems and operations in late August. The attack on August 24, 2024, forced the Port to isolate critical systems, resulting in widespread outages impacting Seattle-Tacoma International Airport and the Port’s maritime facilities.
According to the Port’s statement, the Rhysida attackers gained unauthorized access to certain parts of their computer systems and encrypted some data.
This led to disruptions in various airport services, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, and the Port’s website and mobile app.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
Despite the severity of the attack, the Port has refused to pay the ransom demanded by the Rhysida gang.
“Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars,” said Steve Metruck, Executive Director of the Port of Seattle. As a result, the Port warns that the attackers may publish stolen data on their dark website.
The Port’s investigation into the incident is ongoing, but it appears that the attackers exfiltrated some data in mid-to-late August. If any employee or passenger’s personal information is found to have been compromised, the Port has committed to notifying affected individuals.
Since the attack, the Port has been working to restore affected systems and enhance its cybersecurity measures. While most services were brought back online within a week, work is still underway to fully restore the Port’s website and internal portals.
The Port remains on heightened alert and is continuously monitoring its systems for any further unauthorized activity.
Rhysida is a relatively new but highly active ransomware operation that has targeted various sectors, including healthcare, government, and now transportation.
The gang has been linked to several high-profile attacks in recent months, including the breaches of the British Library and the Chilean Army.
As the investigation continues, the Port remains committed to transparency, strengthening its defenses, and sharing information to help protect other organizations from similar attacks.
Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar