The Port of Seattle, which operates the city’s Seattle-Tacoma International Airport, says the Rhysida ransomware gang is behind the cyberattack that breached its systems last month, causing travel delays.Port staff have been reportedly working “around the clock” to secure its systems and keep the airport’s operations running smoothly after the Aug. 24 cyberattack, the Port shared in its announcement Friday. It’s also deployed “forensics specialists” and is doing whatever it can to aid the ongoing law enforcement investigation. The Port hasn’t seen any new unauthorized activity on its systems since the attack more than three weeks ago.The Rhysida hacker group is reportedly responsible for the ransomware attack, which encrypted some data in the the Port’s computer systems. This encryption and the Port’s response to quickly isolate impacted systems caused delays at the Sea-Tac Airport and resulted in issues with baggage services, check-in kiosks, ticketing, Wi-Fi services, display boards, the Port’s website, its flySEA app, and parking. Most of these issues have since been resolved, but the airport’s website and internal portals are still down at time of writing, according to the Port’s updates page.The airport isn’t sure yet exactly how much or what data was seized in the attack, but the Port says it won’t be paying the demanded ransom.”Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars,” said Port of Seattle Executive Director Steve Metruck in a statement. “We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”
Recommended by Our Editors
Rhysida affiliates, who focus on Windows-based ransomware attacks, have been suspected to be tied to Russia. The group previously claimed responsibility for the ransomware attack on Sony’s Insomniac Games last year, which resulted in a 1.6TB leak of stolen data including unreleased game footage, images, and internal presentations.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
About Kate Irwin
Reporter
I’m a reporter covering early morning news. Prior to joining PCMag in 2024, I was a reporter and producer at Decrypt and launched its gaming vertical, GG. I have previous bylines with Input, Game Rant, and Dot Esports. I’ve been a PC gamer since The Sims (yes, the original). In 2020, I finally built my first PC with a 3090 graphics card, but also regularly use Mac and iOS devices as well. As a reporter, I’m passionate about uncovering scoops and documenting the wide world of tech and how it affects our daily lives.
Read Kate’s full bio
Read the latest from Kate Irwin
