Sun Sep 15 15:00:00 UTC 2024: ## Port of Seattle Hit by Rhysida Ransomware Attack, Refuses to Pay Ransom
**SEATTLE, WA** – The Port of Seattle, which operates the Seattle-Tacoma International Airport (SEA), confirmed on Friday that a cyberattack that disrupted operations at the airport last week was carried out by the Rhysida ransomware group. The attack, which occurred on August 24th, affected various critical systems, including baggage handling, check-in kiosks, ticketing, Wi-Fi, and parking.
The Port confirmed that an unauthorized actor accessed and encrypted parts of their computer systems, disrupting key services. They have refused to pay the ransom demanded by the Rhysida group, and the group may now publish stolen data.
“We remain on heightened alert and are continuously monitoring our systems,” said the Port in a statement. “It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.”
“Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars,” said Steve Metruck, Executive Director of the Port of Seattle. “We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”
The Rhysida ransomware group has been active since May 2023, targeting organizations in various industries including education, healthcare, manufacturing, information technology, and government.
The Port of Seattle is currently conducting a thorough investigation with assistance from outside experts and is working closely with federal partners. The company will be notifying impacted individuals as the investigation progresses.
First Piper 