The Port of Seattle has demonstrated that the Rhysida ransomware gang orchestrated the cyberattack that disrupted its systems and procedures in late August. The attack on August 24, 2024, forced the Port to isolate essential systems, resulting in widespread outages impacting Seattle-Tacoma International Airport and the Port’s maritime facilities.
According to the Port’s statement, the Rhysida assaulters acquired unauthorized access to certain parts of their computer systems and encrypted some data. This led to disruptions in different airport services, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, and the Port’s website and mobile app.
Despite the severity of the attack, the Port has declined to deliver the ransom requested by the Rhysida gang. “Delivering the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars,” said Steve Metruck, Executive Director of the Port of Seattle. As a result, the Port warns that the assaulters may publish stolen data on their dark websites.
The Port’s inquiry into the incident is continuing, but it seems that the assaulters exfiltrated some data in mid-to-late August. If any employee or passenger’s confidential data is found to have been compromised, the Port is dedicated to informing concerned individuals. Since the attack, the Port has been working to restore manufactured systems and improve its cybersecurity measures. While most services were brought back online within a week, work is still underway to fully restore the Port’s website and internal portals.
The Port remains on elevated alert and is constantly monitoring its plans for any other unauthorized action. Rhysida is a fairly new but highly active ransomware operation that has targeted various sectors, including healthcare, government, and now transportation.
The team has been connected to many high-profile attacks in recent months, including the breaches of the British Library and the Chilean Army. As the research persists, the Port remains dedicated to clarity, strengthening its defenses, and sharing knowledge to help protect other associations from similar attacks.