Port of Seattle Hit by Rhysida Ransomware in August Attack

• Port of Seattle announced that Rhysida ransomware is behind the cyberattack that occurred last month.
• The measures taken by the company were successful, as no new intrusions have been observed.
• Currently, most systems are back online, while the external website and internal portals are restored.

The Port of Seattle officially confirmed that the data breach suffered on August 24 was a ransomware attack orchestrated by Rhysida ransomware affiliates. The Port of Seattle has refused to comply with ransom demands. 

The threat actor managed to infiltrate specific parts of the Port’s systems, leading to the encryption of data and temporary outages across multiple services and impaired various Seattle-Tacoma International Airport (SEA) operations, which the Port of Seattle oversees.

Impacted systems included baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the official Port of Seattle website, the flySEA app, and reserved parking functionalities. 

While significant progress has been made in restoring these systems, efforts are ongoing to bring back critical services like the Port's website, SEA Visitor Pass, TSA wait times, and complete access to the flySEA app for users who had not downloaded it before the attack.

Rhysida is a ransomware-as-a-service (RaaS) operation that emerged in May 2023. It rapidly gained notoriety through high-profile breaches, including those of the British Library and the Chilean Army. 

Their targets span various sectors, including healthcare and government agencies, as highlighted by advisories from the U.S. Department of Health and Human Services (HHS), CISA, and the FBI.

Recent incidents attributed to Rhysida include the breach of Sony subsidiary Insomniac Games, where 1.67 TB of documents were leaked on the Dark Web after a $2 million ransom demand was refused. Other notable breaches involve the City of Columbus, Ohio, MarineMax, and the Singing River Health System, affecting nearly 900,000 individuals.

Last month, the American Halliburton oilfield services giant was hit by the RansomHub ransomware gang, which disrupted some of the company’s global networks and its north Houston campus business operations.