The Port of Seattle, which operates Seattle Tacoma International Airport, has admitted that it was the victim of a sophisticated ransomware attack that plunged the airport into chaos on August 24 when tech engineers realized what was happening and rushed to disable critical systems.
In a statement that included all the latest updates on the ongoing investigation, port officials said that a ransomware group known as Rhysida managed to infiltrate key computer systems in mid-to-late August and that they may have stolen sensitive data.
The criminal organization has threatened to release the data onto the dark web unless the Port of Seattle pays a ‘ransom’ but authorities have refused to cave to Rhysida’s demands, saying doing so would not reflect the Port’s values.
So far, officials do not know whether personal data belonging to employees or passengers has been stolen and work is still ongoing to identify exactly what information Rhysida got hold of.
When the Port finally became aware of the attack on August 24, engineers quickly isolated key system to lock the hackers out, but in doing so, they took down the Port of Seattle’s website, along with check-in systems used by many airlines at SeaTac. A baggage handling system was also taken offline, along with flight information and baggage reclaim display screens.
Facing potential travel chaos amid the ‘fast-moving situation’, SeaTac drafted in an army of volunteers who helped to keep the airport operational, although travelers complained of long lines and the inability to check-in luggage because of the baggage system outage.
More than a week after the hack attack, the Port of Seattle was still working to get some flight information display screens back up and running while the Port’s website is still down several weeks later.
“From day one, the Port prioritized safe, secure and efficient operations at our facilities,” commented executive director Steve Metruck on Friday after the revelations were made public.
The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Metruck continued. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient Port for the future.”
Metruck added that the Port of Seattle was working to improve its IT security which will include identity management and authentication protocols. The Port of Seattle added that it will step up cyber monitoring to identify any potential hack attack much faster in the future.
Cybersecurity Ventures predicts that by 2031, ransomware attacks will cost victims around $265 billion annually. Attacks are said to take place every two seconds, and around 61% of all cyber attacks worldwide specifically target airlines and the aviation industry.
All but 5% of these sophisticated attacks were financially motivated
sophisticated ransomware attack? Low chance. More likely a careless employee clicking on a link or opening an attachment.