Hackers demand $6 million in bitcoin from Seattle-Tacoma International Airport after a devastating cyberattack, raising concerns about the vulnerability of critical infrastructure.
At a Glance
- Rhysida ransomware group attacked Sea-Tac Airport on August 24, 2024
- Hackers demanded 100 bitcoins (approximately $6 million) for stolen data
- Port of Seattle refuses to pay the ransom, citing misuse of taxpayer money
- FBI is conducting a criminal investigation into the cyberattack
- Airport operations were disrupted for over three weeks, affecting various services
Cyberattack Cripples Sea-Tac Airport
On August 24, 2024, just a week before the bustling Labor Day holiday weekend, Seattle-Tacoma International Airport fell victim to a sophisticated cyberattack. The Rhysida ransomware group infiltrated the airport’s critical systems, causing widespread disruptions that lasted for over three weeks. The attack affected key services including the airport’s website, email, and phone operations, forcing staff to resort to manual processes for flight check-ins, baggage handling, and gate information displays.
The impact on passengers was significant, as highlighted by U.S. Sen. Maria Cantwell during a Senate Commerce, Science, and Transportation Committee hearing. Many travelers faced confusion and delays due to non-functional display boards and check-in kiosks. Smaller airlines had to use paper boarding passes, while airport staff improvised with handwritten signs to direct passengers to their gates.
Ransom Demand and Data Breach
The Rhysida group demanded a ransom of 100 bitcoins, equivalent to approximately $6 million, for the return of stolen data. To prove the severity of the breach, the hackers posted eight stolen files on the dark web, including sensitive documents such as passport scans, tax forms containing personal information, and even a map of Portland International Airport.
“On Monday, they posted on their dark website a copy of eight files stolen from Port systems and are seeking 100 bitcoin to buy the data,” said Lance Lyttle, SEA’s aviation managing director.
The Port of Seattle, which operates the airport, has taken a firm stance against paying the ransom. Officials believe that complying with the hackers’ demands would not be a responsible use of taxpayer money and could potentially encourage further attacks.
Response and Recovery Efforts
The FBI has launched a criminal investigation into the cyberattack, working alongside airport authorities to identify the perpetrators and prevent future incidents. Sea-Tac officials have managed to bring most systems back online, but the airport’s website and some internal functions remain compromised.
“We are focusing on recovery right now, and once that is complete, we will conduct an after-action report to determine exactly what happened,” Lyttle said. “We intend to share those findings industry wide and with the committee.”
The airport has committed to contacting individuals whose personal information may have been compromised in the attack. Additionally, an after-action report will be conducted to determine the specifics of the breach, with findings to be shared across the industry to improve overall cybersecurity measures.
Implications for Aviation Security
This incident at Sea-Tac Airport is part of a growing pattern of cyberattacks targeting critical infrastructure, including other airports and airlines. It underscores the urgent need for stronger cybersecurity measures in the aviation sector. Sen. Cantwell has been a vocal advocate for enhancing cybersecurity, pushing for the implementation of the FAA Reauthorization Act of 2024, which mandates the establishment of a comprehensive cybersecurity threat management process.
As the threat landscape continues to evolve, it is clear that immediate action is required from both Congress and the aviation industry to protect air travel from future cyber disruptions. The Sea-Tac attack serves as a stark reminder of the vulnerabilities in our critical infrastructure and the potential consequences of inadequate cybersecurity measures.
Sources:
1.Hackers demand $6 million for files stolen from Seattle airport operator in cyberattack
2.Hackers demand $6 million for files stolen from Seattle airport operator in cyberattack