SecureWorld News

Port of Seattle Recovers from Ransomware Attack, Refuses to Pay Ransom

Written by Drew Todd | Wed | Sep 18, 2024 | 2:24 PM Z

In late August 2024, the Port of Seattle became the target of a significant cyberattack, attributed to the Rhysida ransomware group, a relatively new but fast-growing ransomware-as-a-service (RaaS) operation. The attack caused major disruptions at Seattle-Tacoma International Airport (SEA), including outages in critical systems such as baggage handling, ticketing, Wi-Fi, check-in kiosks, and passenger information displays.

The Port of Seattle disclosed last Friday that it had detected unauthorized activity on its systems, leading to the isolation of key systems to mitigate the damage. According to the Port: "Early on Saturday, August 24, the Port was made aware of unauthorized activity on our systems. Our teams isolated critical systems and are working with third-party and federal partners to safely restore and test our systems." This swift action was vital in preventing further damage, though it resulted in prolonged outages across various services.

The attackers encrypted parts of the Port's data, causing widespread system outages that affected both the airport and maritime operations. While the full extent of the data breach is still under investigation, officials have confirmed that the Port refused to pay the ransom demanded by the attackers. 

Recovery efforts have been ongoing, with substantial progress made by mid-September. In a weekly update, the Port reported that major systems had been restored, and normal operations had resumed at SEA. "Flight and baggage information displays are now showing every airline's schedule throughout the SEA Airport terminal. Travelers are seeing their normal travel experience at SEA. Wi-Fi is back up, displays are on, and all check-in and ticketing systems are back." However, the Port's website and some internal systems remain offline, with updates being provided weekly.

This incident highlights the vulnerability of critical infrastructure to ransomware attacks. The Rhysida ransomware group, which surfaced in May 2023, has quickly gained notoriety, targeting not only government entities like the Port of Seattle but also high-profile organizations worldwide. In recent months, the group has been linked to attacks on the British Library, the City of Columbus, and several healthcare organizations, Bleeping Computer reports.

The attack underscores the importance of robust cybersecurity measures for ports, airports, and other critical infrastructure. As the Port of Seattle continues to work with federal agencies and cybersecurity experts, it serves as a reminder of the growing threats posed by ransomware gangs and the significant disruptions they can cause.

This incident is yet another example of why organizations should prioritize cybersecurity readiness, including rapid incident response capabilities and strong cyber defenses to thwart such attacks in the future.
