Rhysida Ransomware Hits Port of Seattle in August Attack – CySecurity News

As part of its investigation, the Port of Seattle, which operates Seattle-Tacoma International Airport, identified the Rhysida ransomware gang as responsible for a cyberattack last month in which the gang accessed the port’s systems, causing delays for travelers. There had already been a ransomware attack targeting the Port of Seattle on Friday, the port said in a statement.

Following the attack, which occurred on August 24, the port (which also operates Seattle-Tacoma International Airport) announced that “certain system outages indicate the possibility of a cyberattack.” SEA Airport and its facilities remained open after the storm, but passenger displays, Wi-Fi, check-in kiosks, ticketing, baggage and reserved parking were affected, as were the flySEA application and the port’s website.

In a press release issued on September 13, the port reported that most of the affected systems had been restored within a week of the attack. So far, the Port of Düsseldorf has not been able to relaunch the external website or the internal portals that were offline after the affected systems were secured and no signs of additional malicious activity were found.

The incident affecting the port’s systems was a “ransomware” attack by Rhysida, a cybercriminal organization. Since that day, there has been no new unauthorized activity on those systems. In a press release, the port emphasized that it was safe to fly to Seattle-Tacoma International Airport and use the port’s maritime facilities.

During this period, the port decided to take systems offline. At the same time, the ransomware gang also encrypted systems that were not isolated in time. This resulted in a series of outages that affected various services and systems, including baggage, check-in machines, ticketing, Wi-Fi, passenger information boards, the Port of Seattle website, the flySEA app, and reservations.

The attack, believed to have been launched by the Rhysida hacking group, encrypted some of the data on the port’s computer systems. This encryption, together with the port’s response of isolating the affected systems as quickly as possible, caused delays at Sea-Tac airport, with baggage services, check-in kiosks, ticketing, Wi-Fi, displays, the port’s website and the flySEA app experiencing issues.

Most of these issues have since been resolved; however, the airport’s website and internal portals are still unavailable at the time of writing, as noted in an update posted by the Port of Los Angeles. Following the cyberattack on the airport, the Port of Los Angeles still does not know exactly how much data, or what type, was taken by the attackers, and the port cannot pay the ransom. There are no details on what type of data was compromised in the attack; however, the data is likely to be of significant value because of the industry sector the agency serves.

There is another reason: the Port of Seattle is a hotbed of automation and machine learning technologies, which makes it a goldmine of data for attackers. In the ransomware world, Rhysida is one of the better-known gangs, largely because of the way it targets organizations running critical systems where downtime is not an option.

A hacking group known as the Black Hat Network has previously targeted healthcare institutions including Lurie Children’s Hospital and Prospect Medical Holdings. By May 2024, the number of patients affected by this massive data breach had jumped from a few hundred to nearly a million. The company claimed the Singing River ransomware attack occurred in September 2023.

The HHS Health Sector Cybersecurity Coordination Center reported that, in addition to educational institutions and manufacturing, the group has targeted the Chilean military, universities and hospitals. In the United States, Health and Human Services (HHS) has implicated Rhysida in an attack on healthcare organizations.

While CISA and the FBI were issuing their warnings, this cybercrime gang was carrying out opportunistic attacks on various industries and sectors of society. In November, Rhysida ransomware operators successfully breached Insomniac Games, a subsidiary of Sony, and subsequently leaked 1.67 TB of confidential documents onto the dark web. This happened after the game development studio refused to meet the group’s demand for a $2 million ransom.

Rhysida’s affiliates have also been involved in attacks on several other high-profile organizations. The city of Columbus, Ohio, MarineMax (the world’s largest retailer of recreational boats and yachts), and Singing River Health System have all fallen victim to this ransomware group. Singing River Health System specifically reported that nearly 900,000 individuals were notified of a data breach as a result of a ransomware attack in August 2023, which compromised sensitive personal information.
