The Port of Seattle, a U.S. government agency that oversees the Seattle Seaport and Seattle-Tacoma International Airport (among other things), was hit by a cyberattack over the weekend, shutting down operations and rendering parts of its infrastructure inoperable.
Security operations do not appear to be affected, but since the incident has the hallmarks of a ransomware attack, sensitive data may be at risk.
Early Saturday morning, the Port of Seattle X account announced that there was an internet and web system outage, “impacting some systems at the airport.” The company told air travelers to contact their airline for the latest information regarding their flights.
Ongoing outage
“Earlier this morning, the Port of Seattle experienced some system outages, indicating a possible cyberattack,” the company said in the thread. “The port isolated critical systems and is in the process of restoring full service. There is no estimated time for return.”
A day later, the company said the system outage was ongoing, while cybersecurity teams “continue to make progress” in returning systems to normal operations. No deadline was given.
The fact that it took days to fix the attack and the fact that the organization was forced to disable parts of its infrastructure all point to this being a ransomware attack. There is no confirmation yet. Still, ransomware attacks also steal sensitive data from affected systems, which, given the nature of the Port of Seattle’s operations, could be quite disruptive.
So far, neighboring organizations have not experienced any disruption as a result of the attack. Alaska Airlines said Geekwire It was able to operate its full flight schedule throughout the weekend, with the Transportation Security Administration (TSA) seeing no impact on security operations.
“There is no impact to TSA’s security operations and TSA continues to screen passengers using its robust procedures,” the release said.
At the time of going to print, no ransomware operator (or any other group) has claimed responsibility for the attack or leaked any information.
Via TechCrunch