Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack that hit the agency in August.——————————————————————————————————————————-In August, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted.Media reported that the Port of Seattle, which also operates the Seattle-Tacoma International Airport, suffered a cyber attack that impacted the websites, email and phone services. According to The Seattle Times, the cyber attack disrupted travel plans.*’A spokesperson for Alaska Airlines said staff was manually sorting over 7,000 bags, because ‘a majority’ of checked bags missed their flights this weekend.’ [**reported The Seattle Times**](https://www.seattletimes.com/business/sea-tac-airport-officials-say-cyberattack-disrupted-service-websites/).**’We believe this was a cyberattack,’ said Lance Lyttle, managing director of aviation for Sea-Tac Airport, at a news conference Sunday afternoon.’**’We are conducting a thorough investigation with assistance of outside experts We have contacted and are working closely with federal partners, including TSA and Customs and Border Protection,’ [Lyttle added](https://komonews.com/news/local/port-of-seattle-hit-by-potential-cyberattack-still-impacting-airport-operations-cyber-attack-airport-flying-airplanes-seattle-tacoma-sea-travel-sunday-operations-urges-outage-airlines).* Source [NewsBytes](https://www.newsbytesapp.com/news/science/port-of-seattle-sea-tac-airport-suffer-potential-cyberattack/story)The Port of Seattle first reported it was experiencing an internet and web systems outage. According a message posted on X, the problems impacted some systems at the airport.> The Port of Seattle, including SEA Airport, is experiencing an internet and web systems outage, which is impacting some systems at the airport. Passengers are encouraged to check with their airlines for the latest information for their flights.> — Port of Seattle — :anchor: (@PortofSeattle) [August 24, 2024](https://twitter.com/PortofSeattle/status/1827379468895224146?ref_src=twsrc%5Etfw)Passengers were recommended to check with their airlines for the latest information for their flights.In response to the incident, the Port isolated critical systems.Port of Seattle confirmed on Friday that the [Rhysida ransomware group](https://securityaffairs.com/166749/cyber-crime/rhysida-ransomware-bayhealth-hospital.html) was behind the cyberattack. The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are ‘targets of opportunity.’*’This incident was a ‘ransomware’ attack by the criminal organization known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorized activity on Port systems since that day. We remain on heightened alert and are continuously monitoring our systems.’ reads the [**update**](https://www.washingtonports.org/port-of-seattle-updates) published by the agency. ‘It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.’*The Port confirmed that an unauthorized actor accessed and encrypted parts of their computer systems, disrupting key services like baggage handling, check-in kiosks, ticketing, Wi-Fi, and parking. The company also states that it has refused to pay the ransom, for this reason the ransomware group may publish stolen data.*’From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,’ **said Steve Metruck, Executive Director of the Port of Seattle.** ‘Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.’*The investigation is still ongoing and will notify impacted individuals.> While our response and recovery are still ongoing, we wanted to share updated information about what happened, what we have been doing, and how we are further strengthening our security. It remains safe to travel from SEA and use Port of Seattle maritime facilities.> — Seattle-Tacoma Intl. Airport (@flySEA) [September 13, 2024](https://twitter.com/flySEA/status/1834675809673789551?ref_src=twsrc%5Etfw)The Port announced that it has been taking additional steps to enhance its existing controls and further secure the IT infrastructure. The agency is strengthening its identity management and authentication protocols, and enhancing the monitoring activities.
Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganin**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, Port of Seattle)**
Related Tags:
NAICS: 485 – Transit And Ground Passenger Transportation
NAICS: 48 – Transportation
NAICS: 481 – Air Transportation
NAICS: 49 – Couriers And Warehousing
NAICS: 92 – Public Administration
NAICS: 922 – Justice
Public Order
Safety Activities
Blog: Security Affairs
Associated Indicators: