Cyber gang Rhysida holds Port of Seattle data hostage

16 Sep 2024

The gang is demanding a ransom and threatening to release the stolen data on the dark web.

The Port of Seattle has been the victim of a ransomware attack by the cyber criminal group Rhysida, which managed to encrypt access to some data and disrupt port services.

In a statement on Friday (13 September), Port officials said the criminal group has demanded a ransom and threatened to release stolen data on the dark web if it is not paid. However, the Port’s executive director Steve Metruck said that it “has no intent of paying the perpetrators behind the cyberattack”.

The Port of Seattle, the US agency that oversees the Seattle port and the Seattle-Tacoma International Airport, said that its facilities are functional and safe to use.

On 24 August, the Port “identified system outages consistent with a cyberattack”, the statement notes. As a countermeasure, staff disconnected systems from the internet to block any further attacks from the group.

However, the encryption of data and the Port’s response actions affected key services including baggage, check-in kiosks, ticketing, WiFi, passenger display boards, the Port website, their app and reserved parking. “It was a fast-moving situation, and Port staff worked to quickly isolate critical systems.

“There has been no new unauthorised activity on Port systems since that day.”

The Port has been working with its forensics specialists and law enforcement to investigate the attack. The investigation to ascertain what data was taken is ongoing. “If we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.”

The Port says it has taken additional steps to enhance existing controls and further secure its IT environment, including strengthening its identity management and authentication protocols.

Rhysida, a cyber gang first observed in May 2023, already has high-profile victims including government institutions in Portugal, Chile and Kuwait. It also claimed responsibility for an attack on the US hospital group Prospect Medical Holdings as well as the British Library – all in the last year.

Gangs infect organisational computers with malware, rendering them inaccessible. They then demand a payment to return access to data and systems. In recent years, cyber gangs have also been threatening to release the data on the dark web as a form of “double extortion”, the Guardian writes.

In the case of the British Library, Rhysida posted low-resolution images of the personal information it gathered, auctioning the stolen data for sale on its leak site with a starting bid of 20 bitcoin or around £590,000.

Earlier this year, US telecoms giant AT&T paid a hacking group $370,000 to delete the data of millions of customers following a massive data breach.

Suhasini Srinivasaragavan is a sci-tech reporter for Silicon Republic
