Hackers are demanding 100 bitcoin (approximately $5,780,000) from the operator of Seattle-Tacoma International Airport (SEA) for documents stolen during a recent cyberattack and posted on the dark web.
The Port of Seattle, which owns and runs the airport, has decided not to pay.
During a hearing before the US Senate Committee on Commerce, Science, and Transportation on September 18, 2024, Lance Lyttle, Aviation Managing Director at SEA Airport said, “paying ransomware to a criminal organization does not reflect Port values.”
According to a cyberattack update posted by HackManac on X, the hackers stole 3TB of databases, internal logins and passwords of employees, a full dump of servers containing emergency services applications for the Port of Seattle and SEA Airport, as well as some staff and customer personal data.
On September 16, 2024, the hackers posted the Port of Seattle’s name on their leak site where they identified victims and a copy of eight files stolen from Port systems. The airport said it is currently reviewing the files.
“The Port has been able to validate that its backups were largely intact, and that no decryption key is necessary to restore our full operations,” Lyttle added.
SEA Airport was hit by a ransomware attack from a criminal organization called Rhysida on August 24, 2024, forcing the airport to shut down various computer systems that run everything from ticketing to display boards and baggage claims, as well as leading to some flight delays and cancellations.
The airport’s internal system and website went down, and the hackers threatened to release personal data from airport employees to the dark web unless the airport paid around $5,780,000 worth of bitcoin ransom.
According to Lyttle, the attack hindered some Port services, including access for some airlines to the baggage source messaging system, the check-in kiosks, common use ticketing, public Wi-Fi, airport display boards, as well as website, the Port’s app, and reserved parking.
During the first days, over 7,000 pieces of luggage were moved manually until some airlines could access the baggage source messaging system.
As of September 18, 2024, three weeks after the attack, most airport’s systems are functioning as usual, but some internal operations remain down. The Port of Seattle has stated that it is safe to travel from SEA Airport and use other facilities.
“Alongside restoration efforts, our own internal investigation is still ongoing. We are still investigating what data the threat actor obtained from our systems, and we are actively supporting the Federal Bureau of Investigation’s (FBI) investigation of the incident,” Lytte added.