The cyber incident that hit the Port of Seattle in late August 2024 was a ransomware attack, the company has confirmed.
In a press release, The organization also shared some additional details that emerged from the investigation, blaming affiliates of the Rhysida ransomware group for the attack.
“This incident was a ransomware attack by the criminal organization Rhysida,” the company noted. “There has been no new unauthorized activity on the Port’s systems since that day. It is still safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.”
No payment
To put things into context, the U.S. government agency that oversees Seattle’s seaport and airport, the Port of Seattle, reported on August 24, 2024, that it had suffered a cyberattack that forced it to take parts of its infrastructure offline. At the time, it didn’t share many details, other than to say it was working hard to restore its services.
Ransomware attackers typically steal sensitive data from their victims and then demand payment in exchange for keeping it private. The same thing happened here, but the company doesn’t know what was stolen so far.
“Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and encrypt access to certain data,” the PR further explains. “Our investigation into what data the actor took is ongoing, but it appears that some Port data was obtained by the actor in mid-to-late August. The assessment of the data taken is complex and takes time, but we are committed to this effort and will notify stakeholders who may have been impacted as appropriate.”
The organization said it refused to pay the ransom, which could have resulted in data leaks on the dark web. At the time of writing, that does not appear to have happened.