The Port of Seattle, which manages Seattle-Tacoma International Airport (Sea-Tac), has revealed that the cybersecurity incident on its systems was caused by ransomware seeded by the criminal organisation Rhysida. Initially reported on 24 August 2024, the attack caused system outages and prompted an immediate response to isolate critical infrastructure and prevent further damage.

Port of Seattle staff, along with forensic specialists and volunteers, are still working on the response to and recovery from the cybersecurity incident. The attack targeted the Port of Seattle’s computer systems, leading to the encryption of data and affecting key services at Sea-Tac.

Chaos at Seattle port

Although the majority of systems, including baggage handling, check-in kiosks, Wi-Fi, and passenger display boards, were restored within a week, some services, such as the Port of Seattle’s external website and internal portals, are still being fixed.

A temporary website has been set up to keep the public informed of ongoing operations and service availability.

The Port of Seattle has confirmed it refused to pay the ransom demanded by the attackers, who may retaliate by releasing stolen data on the dark web.

An investigation into what data was accessed is ongoing, with early indications that some Port information was compromised in mid-to-late August. The Port of Seattle said it is committed to notifying affected stakeholders, including employees and passengers, if any personal information was taken.

“The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” said the Port of Seattle’s executive director, Steve Metruck. “Paying the criminal organisation would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems, but build a more resilient Port for the future.

“Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”

The authority also claimed that new unauthorised activity had been observed on its systems since the day of the first cybersecurity breach.

Despite the severity of the attack, officials have assured the public that it remains safe to travel through Sea-Tac and use the Port of Seattle’s maritime facilities.

The authority said it is also implementing enhanced security measures, including stronger identity management and authentication protocols, to prevent future incidents.

On a similar note, earlier this month, Transport for London (TfL) confirmed it suffered a cybersecurity incident, triggering an investigation by the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC). As of last week, London’s transport network said that some of its online and digital services were still offline.

It also said that Live Tube arrival information was unavailable on certain digital platforms such as the TfL website and TfL Go app.
