Thursday, April 3, 2025

The Port of Seattle suffered a significant cyberattack in August when its systems were compromised by the Rhysida ransomware strain.

The Port of Seattle, a US government agency responsible for managing Seattle’s port and airport operations, officially attributed the recent cyberattack to the Rhysida ransomware group after experiencing disruptions over the past three weeks.

The company isolated certain key processes on August 24 after an incident forced it to take immediate action to protect its operations and maintain customer confidence. A technical issue caused by an IT outage significantly impacted the airport’s ability to process reservations, resulting in delays for departing flights from Seattle-Tacoma International Airport.

Three weeks following the initial revelation, the Port officially substantiated that the August incident was a sophisticated ransomware attack orchestrated by affiliates of the notorious Rhysida group.

The Rhysida legal group allegedly launched a sophisticated ransomware attack in this incident. Since that day, there have been no new unauthorized modifications to Port methods. The Port of Seattle’s maritime services ensure seamless travel connections when departing from Seattle-Tacoma International Airport, as announced in a press release.

“Our investigation has concluded that the unauthorized actor gained access to certain aspects of our computer systems and successfully encrypted select data.”

The Port’s decision to take systems offline, coupled with the ransomware gang encrypting any unconnected parties in time, led to outages affecting numerous companies and operations, including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking.

As the Port continues to restore services, key functionalities including the Port of Seattle website, SEA Customer Go, TSA wait times, and flySEA app access (excluding pre-August downloads) remain offline.

Despite the ransomware gang’s demands, the Port has refused to pay for a decryptor, even though the attackers have threatened to release stolen data on their darknet leak website if they don’t comply by mid-to-late August.

“The Port of Seattle is resolute in its refusal to compensate those responsible for the devastating cyberattack that targeted our community,” said Steve Metruck, Government Relations Director at the Port of Seattle. “Paying the legal team would not replicate the value of Port or uphold our commitment to being responsible stewards of taxpayers’ dollars.”

Rhysida, a relatively recent ransomware-as-a-service (RaaS) operation, emerged in May 2023, swiftly gaining prominence following successful breaches of both the [insert organizations] and [insert organizations].

The U.S. Department of Health and Human Services (HHS) has issued a notification regarding the rise in cyberattacks against healthcare organizations. On the same occasion, CISA and the FBI revealed that this cybercrime gang was also responsible for numerous opportunistic attacks targeting victims across a range of diverse industries.

In November, Rhysida breached the systems of Sony’s subsidiary, Insomniac Games, and subsequently exploited the incident by selling information on the dark web after the game studio refused to pay a $2 million ransom demand.

Associates of the company have also been implicated in breaching and stealing data during a notorious Rhysida ransomware attack that occurred in August 2023.
