Major US Airport Hit With Multi-Million Bitcoin Demand

ransomware

The ransomware group Rhysida has targeted Sea-Tac Airport, demanding $6 million in bitcoin and compromising over 3 terabytes of data.

At a Glance

  • Sea-Tac Airport was hit by a ransomware attack with a demand of $6 million in bitcoin.
  • The attack disrupted multiple airport operations but flights continued.
  • The FBI is conducting a criminal investigation.
  • Sea-Tac officials refused to pay the ransom and are focusing on recovery.

Ransomware Attack Impact and Demands

Seattle-Tacoma International Airport faced a ransomware attack by the Rhysida group, which first came to light on August 24, 2024. The hackers orchestrated the attack demanding a ransom of 100 bitcoins, equivalent to $6 million, in exchange for stolen and encrypted data. The airport’s website and communication systems experienced significant operational disruptions, however, they have refused to pay.

The stolen information has partly been exposed on a darknet leak site, with claims of over 3 terabytes of data compromised. Rhysida published eight files stolen from Port systems on Monday, demanding the ransom payment in return for the data’s non-disclosure.

Operational Disruptions and Security Measures

The attack disrupted various airport functions such as ticketing, check-in kiosks, and baggage handling operations. Smaller airlines had to resort to issuing paper boarding passes, while handwritten signs guided passengers. Flights continued to operate despite these logistical challenges.

Sea-Tac officials have refused to meet the ransom demands. Port authorities stressed that paying the ransom would not be a responsible allocation of taxpayer money. The airport is currently concentrating on recovering and evaluating the scope of the data breach.

Federal Investigation and Future Efforts

The FBI has launched a criminal investigation into the attack. Sea-Tac Airport is also enhancing its cybersecurity framework and cooperating with federal entities to bolster its response against any future cyber threats. Steps are being taken to notify individuals whose personal information may have been compromised.

“We are focusing on recovery right now, and once that is complete, we will conduct an after-action report to determine exactly what happened,” Lyttle said. “We intend to share those findings industry wide and with the committee.”

Senator Maria Cantwell emphasized the necessity for immediate action to protect air travel from future cyber disruptions during a hearing with the Senate Commerce, Science, and Transportation Committee.