SEATTLE, Wash. — This story was originally published on MyNorthwest.com.
The Seattle-Tacoma International Airport (Sea-Tac Airport) website, www.portseattle.org/sea-tac, is back up and running after a ransomware attack shut several systems offline late during the summer.
“The biggest thing that people have been asking for has been when our website would be coming back up and when the SEA Visitor pass would come back on, which is a popular program that folks can get,” Sea-Tac Airport spokesman Perry Cooper said to KIRO Newsradio Monday.
They’re still working to restore some popular functions, like security line wait times, the SEA Visitor Pass and the SEA Airport app.
“We still have some internal systems that aren’t completely up yet,” Cooper told KIRO Newsradio Monday. “Our wait times that the public will see for our security checkpoints, those are still to be restarted again as is our SEA Visitor pass. But really, a lot of things that folks would be seeing have already continued to be operating and our operations just in general have continued on.”
Officials confirmed the cyberattack brought down websites, email and many airport services and also disconnected phone services.
Cooper said the hackers gained access to some passengers’ personal information.
What happened in the Aug. 24 cyberattack
The Aug. 24 cyberattack took down many Port of Seattle and Sea-Tac Airport services, notably leaving airport staff to scramble significantly to get the tens of thousands of travelers arriving at and leaving from the airport to their final destinations.
The incident was a ransomware attack put into motion by the criminal organization known as Rhysida, according to an agency news release distributed in September. The Port of Seattle added the work its team did to stop the attack “appear to have been successful” as there has been “no new unauthorized activity on Port systems since that day.”
Lance Lyttle, Sea-Tac Airport’s aviation managing director, testified at a Senate Committee on Commerce, Science and Transportation hearing in September and provided some additional information. He explained during the hearing and in written comments submitted to the committee that Rhysida, who Lyttle called the “threat actor,” attempted to secure a ransom payment from the Port in exchange for “providing a decryption key and deleting data they copied.”
Lyttle went on to say that Rhysida posted the Port of Seattle’s name on their “leak site where they identify victims, as well as a copy of eight files stolen from Port systems.”
The criminal group’s plan was to publish others in seven days unless the Port of Seattle paid 100 bitcoin. Given that the value of 1 bitcoin hovered between $54,000 and $64,000 in September, the group demanded a ransom of about $6 million to stop the dissemination of private information. (One bitcoin was worth about $94,000, as of Monday, Nov. 25.)
The Port of Seattle and Sea-Tac Airport declined to pay the ransom, opting instead to rebuild their systems.
That was Lyttle’s position during his testimony on Capitol Hill in September.
“With regards to paying the ransom, that was contrary to our values, and we don’t think that’s the best use of public funds. So, we decided not to pay it,” Lyttle said.
Cooper would not give specifics on the number of individuals who may have been affected or what type of information was compromised to KIRO Newsradio. He says that is still being investigated.
“If we expect anybody to have any indication that any kind of material was compromised, we would be reaching out to folks,” Cooper said. “But at this point, it seems to be very limited.”
Steve Coogan is the lead editor of MyNorthwest. You can read more of his stories here. Follow Steve on X, or email him here.
Heather Bosch is an award-winning anchor and reporter on KIRO Newsradio. You can read more of her stories here. Follow Heather on X, or email her here.