The Port of Seattle, which operates the Seattle-Tacoma International Airport (SEA Airport), has confirmed that ransomware was used in an August cyberattack that caused days-long outages.
The incident was disclosed on August 24, when the Port announced on X (formerly Twitter) that various services were down after critical systems were isolated in response to a cyberattack.
While the SEA Airport and other facilities remained open, passenger display boards, Wi-Fi, check-in kiosks, ticketing, baggage, and reserved parking were among the affected services, along with the flySEA application and the Port of Seattle website.
On September 13, the Port announced that it had restored most of the affected systems within a week of the attack. While it has secured the impacted systems and found no evidence of additional malicious activity, the Port has yet to bring the external website and internal portals back online.
“Enterprise applications essential to business functions, such as accounts payable services, contract management, phone service, and the public website were affected in the attack. Many of these services have been restored with temporary or workaround solutions, although some key systems remain offline,” the Port said.
It also confirmed that some data was encrypted during the attack, that data was stolen from its systems, and that the Rhysida ransomware gang was responsible for the incident.
“Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate,” the Port said.
While the Rhysida group has yet to claim responsibility for the attack, the Port believes that the exfiltrated data could eventually be leaked online, as no ransom was paid.
“The Port has refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their dark web site,” the Port said.