Port of Seattle: Outage was ransomware attack; ransom hasn’t been paid
Sep 14, 2024, 9:18 AM
The Port of Seattle and Seattle-Tacoma International Airport (Sea-Tac Airport) confirmed in a statement Friday afternoon that a ransomware attack is what knocked several systems offline last month.
Previously, officials with the Port of Seattle and Sea-Tac Airport confirmed that on the morning of Saturday, Aug. 24, a cyberattack brought down websites, email and many airport services and disconnected phone services.
Airport spokesman Perry Cooper said last month airport personnel noticed “nefarious characters” in the system that day and administrators decided to shut the whole system down.
The Port of Seattle stated in its release Friday that since that time, “Port staff have been working around the clock to ensure that our partners and travelers who use our gateways safely and securely reach their destinations and utilize our facilities.”
Their efforts have included engaging with forensics specialists and actively supporting law enforcement’s investigation of the attacker, the statement reads.
Port of Seattle was the victim of a ransomware attack
The Aug. 24 incident that has affected the Port of Seattle and Sea-Tac Airport was a “ransomware” attack put into motion by the criminal organization known as Rhysida, according to the agency’s news release. The Port of Seattle added that the work its team did to stop the attack “appear to have been successful” as there has been “no new unauthorized activity on Port systems since that day.”
However, the Port’s investigation determined the “unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data.” From there, the agency said it “took steps to block further activities including disconnecting our systems from the internet.”
But, notably, the outage caused the airport’s reader board that would normally have information about flight arrivals and departures to go blank for several days.
Some airlines — like the ones using shared working space at Sea-Tac Airport — had to resort to using pen and paper to track baggage, as their companies have not brought in their own computers, so they rely on the airport’s, Cooper said. In addition, check-in kiosks, Visitor Pass, Wi-Fi at the airport, Airport Lost and Found and reserved parking weren’t accessible for a period of time.
The Port’s original website, portofseattle.org, also still isn’t operational after it came down last month. Users are now encouraged to visit washingtonports.org to get information about the port and the airport.
The agency emphasized in its statement that it remains safe to travel from the airport and use the Port of Seattle’s maritime facilities.
Port of Seattle has refused to pay the ransom demand
The Port has refused to pay the ransom demanded, and as a result, its statement said Rhysida may respond by posting data it has claimed to have stolen on the dark net.
“From Day 1, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Executive Director of the Port of Seattle Steve Metruck said in the statement. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars.”
An investigation of the data taken is ongoing, but it does appear Rhysida obtained some Port data in mid-to-late August. The agency added that if it identifies that employee or passenger personal information was obtained, it “will carry out our responsibilities to inform them.”
Where the Port of Seattle goes from here
The Port said in its news release that while it is restoring and rebuilding systems, it has been taking additional steps to “enhance existing controls and further secure our IT environment.”
“We continue working with our partners to not just restore our systems but build a more resilient Port for the future,” Metruck said. “Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”
Steve Coogan is the lead editor of MyNorthwest.