Dive Brief:
- A ransomware attack initiated by the Rhysida ransomware group was responsible for widespread and sustained outages spanning multiple systems at the Port of Seattle, authorities said in a Friday update.
- Authorities for the Port of Seattle, which operates the Seattle-Tacoma International Airport and one of the busiest ports in the U.S., described the nature of the security incident three weeks after the government agency initially discovered the attack.
- Rhysida gained access to certain parts of the port’s computer systems and encrypted access to some data. The attack disrupted multiple services, including baggage, check-in kiosks, ticketing, Wi-Fi, flight display screens and the facilities’ websites, officials said in the update.
Dive Insight:
The extensive disruption caused by the ransomware attack and the port’s ongoing recovery efforts underscore the challenges critical infrastructure providers encounter immediately after a security incident. For some, the damage drags on.
Most of the systems impacted in the wake of the attack have been restored, but the port’s website, internal portals and the airport’s mobile app are still non-operational. Most flights departed and arrived as scheduled, and cruise ship operations were not impacted, officials said last month.
The port refused to pay the ransom and warned that “the actor may respond by posting data they claim to have stolen on their dark web site,” the agency said in the Friday update.
“The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Steve Metruck, executive director of the Port of Seattle, said in a statement. “Paying the criminal organization would not reflect port values or our pledge to be a good steward of taxpayer dollars.”
Port officials acknowledged some data was obtained by Rhysida in mid-to-late August and said an investigation into the type of data stolen is ongoing. Individuals potentially impacted by data theft will be notified once the assessment is complete, the agency said.
The Cybersecurity and Infrastructure Security Agency and FBI released a joint advisory about Rhysida in November 2023.
“We continue working with our partners to not just restore our systems but build a more resilient port for the future,” Metruck said. “Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”