The ransomware group Rhysida has targeted Sea-Tac Airport, demanding $6 million in bitcoin and compromising over 3 terabytes of data.
At a Glance
- Sea-Tac Airport was hit by a ransomware attack with a demand of $6 million in bitcoin.
- The attack disrupted multiple airport operations but flights continued.
- The FBI is conducting a criminal investigation.
- Sea-Tac officials refused to pay the ransom and are focusing on recovery.
Ransomware Attack Impact and Demands
Seattle-Tacoma International Airport faced a ransomware attack by the Rhysida group, which first came to light on August 24, 2024. The hackers orchestrated the attack demanding a ransom of 100 bitcoins, equivalent to $6 million, in exchange for stolen and encrypted data. The airport’s website and communication systems experienced significant operational disruptions, however, they have refused to pay.
The stolen information has partly been exposed on a darknet leak site, with claims of over 3 terabytes of data compromised. Rhysida published eight files stolen from Port systems on Monday, demanding the ransom payment in return for the data’s non-disclosure.
The hackers behind last month’s cyberattack on Seattle-Tacoma International Airport are demanding a 100-bitcoin ransom — about $6 million — for stolen data. The Port, which owns and operates Sea-Tac, has decided not to pay.https://t.co/iTGDEWZaKz
— The Seattle Times (@seattletimes) September 18, 2024
Operational Disruptions and Security Measures
The attack disrupted various airport functions such as ticketing, check-in kiosks, and baggage handling operations. Smaller airlines had to resort to issuing paper boarding passes, while handwritten signs guided passengers. Flights continued to operate despite these logistical challenges.
Sea-Tac officials have refused to meet the ransom demands. Port authorities stressed that paying the ransom would not be a responsible allocation of taxpayer money. The airport is currently concentrating on recovering and evaluating the scope of the data breach.
🚨Cyberattack Update‼️
🇺🇸USA: Seattle-Tacoma International Airport (SEA) – Port of Seattle
Rhysida updates the attack on the Port of Seattle, now including Seattle-Tacoma International Airport (SEA).
According to the post, the ransomware group has stolen 3TB of databases,… https://t.co/m1rb32QCPJ pic.twitter.com/VmWXpByehe
— HackManac (@H4ckManac) September 17, 2024
Federal Investigation and Future Efforts
The FBI has launched a criminal investigation into the attack. Sea-Tac Airport is also enhancing its cybersecurity framework and cooperating with federal entities to bolster its response against any future cyber threats. Steps are being taken to notify individuals whose personal information may have been compromised.
Senator Maria Cantwell emphasized the necessity for immediate action to protect air travel from future cyber disruptions during a hearing with the Senate Commerce, Science, and Transportation Committee.