
Ransomware group that attacked Sea-Tac Airport’s systems demands $6M in bitcoin

SEATAC, Wash. — A ransomware group that caused a system outage at Seattle-Tacoma International Airport last month is demanding $6 million in bitcoin for documents it stole in the attack and posted on the dark web this week, according to the Associated Press.

The Port of Seattle did not pay, and instead spent about a week getting the airport’s systems back online.

In a news release last week, the port identified the group behind the attack as Rhysida.

On Wednesday, Lance Lyttle, aviation managing director at Sea-Tac, spoke in front of the Senate Committee on Commerce, Science, and Transportation during a hearing focused on cybersecurity threats to airports and airlines.

Lyttle discussed the fallout from the attack and the lessons learned.

“One of the reasons we recovered so quickly, and some (systems) weren’t interrupted, is because of segmentation…that’s something we’ve done for years and one of the lessons learned was wanting to have more segmentation,” said Lyttle.

“Every time we witness these technology failures, consumers are the ones left holding the bag,” committee chair Sen. Cantwell said.

She described how the Aug. 24 cyberattack, which blacked out screens throughout the airport, caused problems for flyers, who struggled with finding the right gate, checking in for their flight and finding baggage.

Since then, most of the airport’s systems have come back online, but the airport’s website and some internal human resources functions remain down, according to Cantwell.

Lyttle told the committee that Sea-Tac has been targeted by cyberattackers in the past.

“We have successfully in the past thwarted denial of service attacks, phishing attacks, and we continuously do exercises. We have internal and external audits that we conduct on a regular basis to minimize the impact of any cyberattacks on our environment,” Lyttle said.

He said that, of the documents stolen in the August attack, 8 pages of data have already been posted.

Airport officials are reviewing the pages and will let any customers know if their data was exposed.
