Hackers are demanding $6 million in bitcoin from the operator of the Seattle-Tacoma International Airport for documents they stole during a cyberattack last month and posted on the dark web this week, an airport official said Wednesday.
The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.
The airport previously linked the attack to a ransomware gang called Rhysida, and now the FBI is conducting a criminal investigation, said Lance Lyttle, the port’s managing director of aviation.
Lyttle told a U.S. Senate committee that the airport appears to have stopped the attack, but the hackers were able to encrypt some data.
“On Monday, they posted on their dark website a copy of eight files stolen from Port systems and are seeking 100 bitcoin to buy the data,” Lyttle said.
Lyttle did not describe the documents. He said the airport will contact any individuals whose personal information might have been stolen.
Port officials have said paying the ransom would not be a good use of taxpayer money.
The airport is still recovering from the attack, which began Aug. 24. The attack was launched at a busy time, a week before the Labor Day holiday weekend.
Flights were able to operate, but the attack snarled ticketing, check-in kiosks and baggage handling. Passengers on smaller airlines had to use paper boarding passes.
The mayor of Columbus, Ohio, said last month that Rhysida was behind a data breach of city systems. The mayor downplayed the value of the stolen data and said the city never got a ransom demand.
Related: Data Stolen in Ransomware Attack That Hit Seattle Airport
