Bad Actors Demand $6 Million After Cyberattack Against Airport

Bad Actors Demand $6 Million After Cyberattack Against Airport

Seattle-Tacoma International Airport was hit with a $6 million ransom demand in bitcoin from hackers who stole sensitive information, but the airport’s operator says it won’t pay.

At a Glance

  • Hackers demanded 100 bitcoins ($6 million) from Seattle-Tacoma International Airport’s operator for stolen documents.
  • The Port of Seattle, which operates the airport, refuses to pay the ransom.
  • The ransomware gang Rhysida is linked to the attack, which began on August 24.
  • The FBI is conducting a criminal investigation into the incident.
  • Officials believe paying the ransom is not a good use of taxpayer money.

Cyberattack Hits Seattle-Tacoma International Airport

Seattle-Tacoma International Airport fell victim to a cyberattack on August 24, just a week before the busy Labor Day holiday weekend. The attack, linked to the ransomware gang Rhysida, disrupted various airport services, including websites, email, and phone systems, affecting tens of thousands of travelers. The hackers reportedly managed to encrypt some data and steal sensitive information before the airport could stop the attack.

Lance Lyttle, Sea-Tac Airport’s aviation managing director, testified before the Senate Committee on Commerce, Science and Transportation about the incident. He revealed that the hackers posted eight stolen files on the dark web and demanded a ransom of 100 bitcoins, equivalent to approximately $6 million.

Port of Seattle Refuses to Pay Ransom

Despite the significant disruption caused by the attack, the Port of Seattle, which operates the airport, has taken a firm stance against paying the ransom. Officials believe that giving in to the hackers’ demands would be contrary to their values and an inappropriate use of public funds. This decision aligns with recommendations from cybersecurity experts and law enforcement agencies, who often advise against paying ransoms as it encourages further criminal activity.

“With regards to paying the ransom, that was contrary to our values, and we don’t think that’s the best use of public funds. So, we decided not to pay it,” Lyttle said while testifying.

The Port of Seattle’s decision not to pay the ransom demonstrates a commitment to protecting taxpayer money and maintaining the integrity of public institutions. However, this choice may come with its own set of challenges as the airport works to recover from the attack and secure its systems.

Impact on Airport Operations and Travelers

The cyberattack had an impact on airport operations. Ticketing systems, check-in kiosks, and baggage handling were disrupted, forcing some passengers to use paper boarding passes. The attack’s timing, coinciding with ongoing renovations and capacity limitations at the airport, further magnified its effects on travelers.

“The display boards were down for a week. I personally ran through the airport trying to catch a flight, not sure if I was going to the right gate,” U.S. Senator Maria Cantwell said during the hearing. “I had something on my device, but since all the boards were dark, I had no idea if I was going to get to my gate, or if that was really going to be the gate.”

Despite these challenges, flights continued to operate. The incident serves as a stark reminder of the vulnerabilities in critical infrastructure and the need for robust cybersecurity measures in the aviation industry.

Ongoing Investigation and Recovery Efforts

The FBI is conducting a criminal investigation into the cyberattack, while port employees have dedicated over 4,000 hours to operating and customer service. The airport is working to enhance its cybersecurity measures and is seeking better information sharing from federal cybersecurity agencies to prevent future attacks.

“Currently, it’s a one-way street that we’re sending the information,” Lyttle said when discussing how federal cybersecurity agencies could help. “We’re not getting back, in a timely enough manner, recommendations of how to improve our infrastructure. That would make a major difference.”

As the investigation continues, the airport has committed to contacting individuals whose personal information may have been compromised. An independent after-action report will be produced once the investigation concludes, potentially providing valuable insights for improving cybersecurity across the aviation sector.

The Seattle-Tacoma International Airport cyberattack serves as a wake-up call for the aviation industry and other critical infrastructure sectors. It highlights the ongoing threat of ransomware attacks and the importance of robust cybersecurity measures to protect sensitive information and maintain operational continuity.

Sources

  1. Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack
  2. Sea-Tac Airport official testifies hackers demanded ransom of about $6M in bitcoin
  3. Cantwell Opening Remarks at Hearing on Aviation Cybersecurity Threats