The Port of Seattle and Seattle-Tacoma International Airport (SEA) have been faced with a ransomware attack identified on August 24, 2024. The incident, attributed to the criminal group Rhysida, has led to a system outage that impacted various services including baggage handling, check-in kiosks, and the port’s website.

“The Port of Seattle/Seattle-Tacoma International Airport (SEA) website is currently down as part of the system outages that began Saturday, August 24,” the port said in a statement.

“This incident was a “ransomware” attack by the criminal organisation known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorised activity on port systems since that day. We remain on heightened alert and are continuously monitoring our systems. It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.”

The port said that its staff has managed to swiftly isolate critical systems and has been working around the clock to mitigate the attack’s impact. This has included engaging with forensics specialists and supporting law enforcement’s investigation of the attacker.

While the recovery is still ongoing, much of the affected infrastructure has been restored, including the majority of port services, however, the port’s website and some internal portals remain down.

The ransomware attack resulted in the encryption of some data and, despite efforts to prevent further unauthorised activity, the attackers may have obtained sensitive information. The port said it has refused to meet the ransom demands, and the actor may respond by posting data they claim to have stolen on their darkweb site.

“We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” said Steve Metruck, Executive Director of the Port of Seattle.

“We took steps to block further activities including disconnecting our systems from the internet, but unfortunately, the encryption and our response actions hindered some port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking. Our team was able to bring the majority of these systems back online within the week, though work to restore some systems like our external website and internal portals is ongoing,” the port added.

“Our investigation of what data the actor took is ongoing, but it does appear that some port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate.”

In response to the attack, the port is strengthening its identity management, authentication protocols, and overall IT security to prevent future incidents.

The Port of Seattle and Seattle-Tacoma International Airport (SEA) have been faced with a ransomware attack identified on August 24, 2024. The incident, attributed to the criminal group Rhysida, has led to a system outage that impacted various services including baggage handling, check-in kiosks, and the port’s website.

“The Port of Seattle/Seattle-Tacoma International Airport (SEA) website is currently down as part of the system outages that began Saturday, August 24,” the port said in a statement.

“This incident was a “ransomware” attack by the criminal organisation known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorised activity on port systems since that day. We remain on heightened alert and are continuously monitoring our systems. It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.”

The port said that its staff has managed to swiftly isolate critical systems and has been working around the clock to mitigate the attack’s impact. This has included engaging with forensics specialists and supporting law enforcement’s investigation of the attacker.

While the recovery is still ongoing, much of the affected infrastructure has been restored, including the majority of port services, however, the port’s website and some internal portals remain down.

The ransomware attack resulted in the encryption of some data and, despite efforts to prevent further unauthorised activity, the attackers may have obtained sensitive information. The port said it has refused to meet the ransom demands, and the actor may respond by posting data they claim to have stolen on their darkweb site.

“We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” said Steve Metruck, Executive Director of the Port of Seattle.

“We took steps to block further activities including disconnecting our systems from the internet, but unfortunately, the encryption and our response actions hindered some port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking. Our team was able to bring the majority of these systems back online within the week, though work to restore some systems like our external website and internal portals is ongoing,” the port added.

“Our investigation of what data the actor took is ongoing, but it does appear that some port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate.”

In response to the attack, the port is strengthening its identity management, authentication protocols, and overall IT security to prevent future incidents.