MYNORTHWEST NEWS

Port of Seattle: Outage was ransomware attack; ransom hasn’t been paid

Sep 14, 2024, 9:18 AM

Image: At the top of this image, the reader board at Sea-Tac Airport that would normally have infor...

At the top of this image, the reader board at Sea-Tac Airport that would normally have information about flight arrivals and departures was blank and not working Sunday, Aug. 26, 2024. Volunteers in green shirts, as seen on the left, have been helping travelers maneuver through the airport. (Image courtesy of KIRO 7)

(Image courtesy of KIRO 7)

The Port of Seattle and Seattle-Tacoma International Airport (Sea-Tac Airport) confirmed in a statement Friday afternoon a ransomware attack is what knocked several systems offline last month.

Previously, officials with the Port of Seattle and Sea-Tac Airport confirmed that on the morning of Saturday, Aug. 24, a cyberattack brought down websites, email and many airport services and it disconnected phone services.

Earlier coverage: Cyberattack causing major issues at Sea-Tac Airport

Airport spokesman Perry Cooper said last month airport personnel noticed “nefarious characters” in the system that day and administrators decided to shut the whole system down.

The Port of Seattle stated in its release Friday that since that time, “Port staff have been working around the clock to ensure that our partners and travelers who use our gateways safely and securely reach their destinations and utilize our facilities.”

Their efforts have included engaging with  forensics specialists and actively supporting law enforcement’s investigation of the attacker, the statement reads.

Holiday weekend: Sea-Tac Airport operated as normal for Labor Day traffic

Port of Seattle was the victim of a ransomware attack

The Aug. 24 incident that has affected the Port of Seattle and Sea-Tac Airport was a ransomware” attack put into motion by the criminal organization known as Rhysida, according to the agency’s news release. The Port of Seattle added that the work its team did to stop the attack “appear to have been successful”  as there has been “no new unauthorized activity on Port systems since that day.”

However, the Port’s investigation determined the “unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data.” From there, the agency said it “took steps to block further activities including disconnecting our systems from the internet.”

But, notably, the outage caused the airport’s reader board that would normally have information about flight arrivals and departures to go blank for several days.

Some airlines — like the ones using shared working space at Sea-Tac Airport — had to resort to using pen and paper to track baggage, as their companies have not brought in their own computers so they rely on airport’s, Cooper said. In addition, check-in kiosks, Visitor Pass, Wi-Fi at the airport, Airport Lost and Found and reserved parking weren’t accessible for a period of time.

The Port’s original website, portofseattle.org, also still isn’t operational after it came down last month. Users are now encouraged to visit washingtonports.org to get information about the port and the airport.

The agency emphasized in its statement that it remains safe to travel from the airport and use the Port of Seattle’s maritime facilities.

Vintage photos: Sea-Tac Airport celebrates 75 years

Port of Seattle has refused to pay the ransom demand

The Port has refused to pay the ransom demanded, and as a result, its statement said Rhysida may respond by posting data it has claimed to have stolen on the dark net.

“From Day 1, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Executive Director of the Port of Seattle Steve Metruck said in the statement. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars.”

An investigation of the data the taken is ongoing, but it does appear Rhysida obtained some Port data  mid-to-late August. The agency added that if it identifies employee or passenger personal information were obtained, it “will carry out our responsibilities to inform them.”

Where the Port of Seattle goes from here

The Port said in its news release that while it is restoring and rebuilding systems, it has been taking additional steps to “enhance existing controls and further secure our IT environment.”

“We continue working with our partners to not just restore our systems but build a more resilient Port for the future,” Metrick said. “Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”

Steve Coogan is the lead editor of MyNorthwest. You can read more of his stories here. Follow Steve on X, or email him here.

MyNorthwest News

Photo: There is new information from SPD about Tuesday afternoon's fatal West Seattle shooting....

James Lynch

Woman killed in West Seattle was being served documents when she was shot

There is new information about Tuesday afternoon's fatal West Seattle shooting of Tamara Towers Parry, 57.

12 hours ago

Photo: Cydney Moore with the Burien Community Support Coalition, reads a notice warning of a sweep ...

Sam Campbell

Burien, King County homelessness feud continues with latest planned sweep

Tensions have again flared in Burien over homelessness and an ongoing plan to sweep an encampment in the city.

12 hours ago

Image: The exterior of a Bank of America location can be seen in Austin, Texas, on July 16, 2024....

Steve Coogan

Bank of America customers in Seattle area, US report account issues, $0 balances

Tens of thousands of Bank of America customers across the country reported major issues accessing their bank accounts Wednesday.

14 hours ago

Tacoma Public Utilities truck...

Bill Kaczaraba

Tacoma Public Utilities rates to go up for the next 2 years

Tacoma Public Utilities (TPU), following the lead of its Seattle counterpart, is set to raise its monthly power rates in both 2025 and 26.

17 hours ago

Photo: A Bellevue man convicted of murdering four people is requesting a new sentence....

Julia Dallas

You be the judge: Bellevue murderer asks for shorter sentence

A Bellevue man convicted of murdering four people when he was 17 is requesting a new sentence. "The Gee and Ursula Show" on KIRO Newsradio asked listeners to be the judge.

17 hours ago

Photo: Jacob Bustad, a machinist who has worked for Boeing for 14 years, holds up a fist to passing...

Bill Kaczaraba

Boeing machinists strike continues with no end … or even talks in sight

The latest round of talks between Boeing and machinists, mediated by federal officials, broke off without progress, according to the union.

18 hours ago

Port of Seattle: Outage was ransomware attack; ransom hasn’t been paid