SEA Labor Day weekend cyberattack was ransomware scheme

Cyberattack at SeaTac Airport was ransomware

The Port of Seattle has issued a new statement detailing their ongoing efforts to recover from a cyberattack that compromised its systems on August 24, 2024.

SEATTLE - The Port of Seattle has issued a new statement detailing their ongoing efforts to recover from a cyberattack that compromised its systems on August 24, 2024.

The ransomware attack, attributed to the criminal organization Rhysida, prompted immediate action by port staff to secure critical operations and infrastructure.

Initial system outages were quickly identified as part of the ransomware attack, which led to diligent and swift isolation of critical systems to contain the breach. In tandem with these efforts, the port has been relentlessly working to ensure the safety and security of both the travelers using the Sea-Tac Airport and those relying on maritime facilities under its jurisdiction.

Since the initial breach, there have been no further unauthorized activities detected on port systems. Nonetheless, officials have maintained a heightened state of alert and vigilance, with continuous monitoring to prevent any further incidents.

The cyberattack had tangible implications on the Port's services, impacting functions such as baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger information displays and online presence, including the Port of Seattle website and flySEA mobile app. Despite the encryption challenges posed by the attack, port authorities successfully restored the majority of these affected services within a week.

However, the unauthorized actor's encryption created a barrier to some services, prompting the port's decision to refuse the ransom demand. This decision, the Port believes, aligns with its principles and its responsibility as a custodian of taxpayer funds. Restitution of the port's external website and other internal portals remains underway.

Executive Director Steve Metruck emphasized the Port's resolution to not capitulate to the ransom demand and instead use the incident to further fortify the Port's security and operations.

"From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network," said Metruck. "Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient port for the future."

While responding to the incident, the port uncovered that some of its data might have been accessed by the attackers, a matter which is still under investigation. In the event that any personal information pertaining to employees or passengers was compromised, the port committed to its responsibility of informing those affected.

Beyond recovery efforts, significant measures to elevate the port's security are actively being implemented. These enhancements focus on bolstering identity management, authentication protocols, and overall IT environment monitoring.

The Port of Seattle has apologized for the inconvenience caused by the cyberattack and extends its gratitude to the public for its patience.