{"id":273,"date":"2024-09-16T13:25:59","date_gmt":"2024-09-16T13:25:59","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=273"},"modified":"2024-09-16T13:25:59","modified_gmt":"2024-09-16T13:25:59","slug":"port-of-seattle-says-august-cyberattack-was-rhysida-ransomware","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=273","title":{"rendered":"Port of Seattle says August cyberattack was Rhysida ransomware"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The Port of Seattle has confirmed that Rhysida <a href=\"https:\/\/www.csoonline.com\/article\/563507\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">ransomware<\/a> was used in a cyberattack that took down key computer systems on August 24.<\/p>\n<p>The US government agency that manages the Seattle-Tacoma International (SEA) airport and Seattle\u2019s seaport and maritime operations has published details of its response to the cyberattack that crippled its baggage, check-in, reserved parking, and other online systems over the weeks since the attack.<\/p>\n<p>\u201cOn August 24, 2024, the Port of Seattle identified system outages consistent with a cyberattack,\u201d the agency said in a statement Monday. \u201cThis incident was a \u2018ransomware\u2019 attack by the criminal organization known as Rhysida.\u201d<\/p>\n<p>The agency said it has refused to pay an unspecified ransom amount demanded by the miscreants.<\/p>\n<h2 class=\"wp-block-heading\">Operations restored with minimal damage<\/h2>\n<p>Upon investigating the system outages that occurred on August 24, the agency determined that an unauthorized actor was able to gain access to certain parts of its computer systems and encrypt access to some data.<\/p>\n<p>In response, the agency disconnected systems from the internet. 
That, and the ransomware attack itself, affected Port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking.<\/p>\n<p>The Port\u2019s security team restored the majority of the affected services within a week, with the exception of a few systems including its external websites and internal portals, it said.<\/p>\n<p>\u201cThe efforts our team took to stop the attack on August 24, 2024, appear to have been successful,\u201d the agency said. \u201cThere has been no new unauthorized activity on Port systems since that day. We remain on heightened alert and are continuously monitoring our systems.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Rhysida ransom refused<\/h2>\n<p>Rhysida is a ransomware operation that runs a <a href=\"https:\/\/www.csoonline.com\/article\/559049\/ransomware-as-a-service-fuels-explosive-growth.html\">ransomware-as-a-service<\/a> (RaaS) model, meaning its creator or owner makes it available to other cybercriminals for hire to deploy against desired targets, in exchange for a share of the ransom.<\/p>\n<p>In this case, the cybercriminals are out of luck \u2014 and potentially those whose data the agency holds too: \u201cThe Port has refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their dark web site,\u201d the agency cautioned.<\/p>\n<p>While the nature of the data compromised in the attack remains unclear, it could be of high value because of the business segment in which the agency operates. 
Moreover, the Port of Seattle is an <a href=\"https:\/\/www.cio.com\/article\/196257\/at-port-of-seattle-machine-learning-streamlines-air-cargo-operations.html\" target=\"_blank\" rel=\"noopener\">avid adopter of automation and machine learning<\/a> technologies, making it a lucrative data trove for attackers.<\/p>\n<p>The Rhysida ransomware gang is infamous for targeting organizations operating critical systems for which they can\u2019t afford downtime. The hacker group has, in the past, singled out healthcare systems including the <a href=\"https:\/\/www.beckershospitalreview.com\/cybersecurity\/hackers-say-they-sold-lurie-childrens-hospital-data-for-3-4m.html\" target=\"_blank\" rel=\"noopener\">Lurie Children\u2019s Hospital<\/a> and <a href=\"https:\/\/securityaffairs.com\/149181\/hacking\/cyberattack-impacted-multiple-us-hospitals.html\" target=\"_blank\" rel=\"noopener\">Prospect Medical Holdings<\/a>. Most recently, it claimed the <a href=\"https:\/\/www.csoonline.com\/article\/2108347\/singing-river-ransomware-attack-now-thought-to-have-affected-over-895000.html\" target=\"_blank\" rel=\"noopener\">Singing River ransomware attack<\/a> in September 2023, which snowballed into a massive data breach affecting close to one million patients by May 2024.<\/p>\n<p>The group\u2019s targets have also included educational institutions, the manufacturing industry, and the Chilean army, according to a <a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/rhysida-ransomware-sector-alert-tlpclear.pdf\" target=\"_blank\" rel=\"noopener\">report by the HHS Health Sector Cybersecurity Coordination Center<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The Port of Seattle has confirmed that Rhysida ransomware was used in a cyberattack that took down key computer systems on August 24. 
The US government agency that manages the Seattle-Tacoma International (SEA) airport and Seattle\u2019s seaport and maritime operations has published details of its response to the cyberattack that crippled its baggage, check-in, reserved [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":247,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-273","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/273"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=273"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/273\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/247"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}