Local

Port of Seattle: August outage at SEA was ransomware attack

The Port of Seattle now says its August system outage was a ‘ransomware’ attack.

In a news release, the port identified the group behind the attack as Rhysida, which is the group behind other attacks, like the one on the City of Columbus.

The port says it is refusing to pay the ransom to the group, but says Rhysidia may retaliate by posting stolen data to the dark web.

The port released a statement that reads in part:

“Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”

So far, the port says there has been no new unauthorized activity since the hack in August. It believes its efforts to combat the group have been working, adding it has been taking additional steps to enhance its existing controls and further secure its IT environment.

The port says it is committed to finding out what data was taken and notifying all potentially impacted stakeholders as appropriate.

“Rhysida will typically use a phishing attack to gain initial access to an organization, and then sometimes they’ll lurk around in that organization for quite a quite a while,” said cybersecurity expert Dave Henderson, who is CEO of CyberStreams.

“Their goal is to understand what servers and systems are in there, and what data they can get.”

While major entities like airports might seem like enticing targets for hackers, small businesses can be hit too.

“Attacking 50 small businesses that are maybe more likely to pay a ransomware can also be very lucrative,” he said.

Henderson said in general, guidance suggests companies avoid paying a ransom, though sometimes it is more affordable.

“I just heard about a business that got attacked, and in the first two days, they spent $60,000 just dealing with the incident,” Henderson said.

He urges companies to get cybersecurity insurance. Comprehensive policies can provide teams during hacking incidents that can help make those decisions.

0