Port of Seattle confirms recent cyberattack was ransomware assault

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.

(Image credit: Shutterstock / Thapana_Studio)

The cyber-incident that hit the Port of Seattle in late August 2024 was a ransomware attack, the company has confirmed.

In a press release, the organization also shared a few additional details that were uncovered in the investigation, with affiliates of the Rhysida ransomware group blamed for the attack.

"This incident was a "ransomware" attack by the criminal organization known as Rhysida," the company noted. "There has been no new unauthorized activity on Port systems since that day. It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle's maritime facilities."

No payment

To put things into context - the United States government agency overseeing Seattle's seaport and airport, Port of Seattle, reported on August 24, 2024 that it suffered a cyberattack that forced it to push parts of its infrastructure offline. At the time, it did not share many details, other than it was working diligently to restore its services.

Ransomware attackers usually steal sensitive data from their victims, and then demand payment in exchange for keeping it private. The same thing happened here, but so far the company doesn’t know what was taken.

"Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data,” the PR further explains. “Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate.”

The organization said it refused to pay the ransom demand, which could result in the data leaking on the dark web. At press time, that doesn’t seem to have happened.

More from TechRadar Pro

Port of Seattle and Sea-Tac airport hit with possible cyberattack
Here's a list of the best firewall software around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.