Seattle-Tacoma International Airport is still facing shortcomings following a cybersecurity attack that reportedly started back on August 24. As a previous article suspected, a ransomware organization has been found to be behind these attacks.

A Wing's Ransom

Airport officials are claiming a ransomware group called Rhysida has encrypted and stolen data from Seattle-Tacoma (Sea-Tac) airport's systems — "eight files" to be precise, according to Sea-Tac managing director of aviation Lance Lyttle.

The group has allegedly demanded 100 bitcoin, which is around $6 million, in exchange for the stolen files. The Port of Seattle, which owns and operates Sea-Tac, has declined the offer, citing paying the ransomware wouldn't be "good use of taxpayer money".

According to Lyttle in front of a U.S. Senate committee on Monday, Rhysida has posted the eight files up on its dark website, though there's no word on what these files contain or how large or important they are to the airport. If any personal information happens to be found in one of these files, the airport will contact the individuals in question.

Lyttle also mentions the cyberattack and its effects on the airport have since subsided, but the FBI is conducting a criminal investigation.

The airport isn't facing any more constant cancellations or delays, but concessions had to be taken for many flights to run smoothly, such as the use of paper boarding passes over check-in kiosks. The airport's website is still unavailable, but the website's URL now redirects to a makeshift news page that documents the updates revolving around last month's cyberattack.

What Is Rhysida?

Rhysida first emerged in May 2023, with the group being named after the Rhysida class of centipede. Due to internal communications on the group's website, researchers believe the group is based somewhere in Russia. Here are some of the organization's previous cyber attacks:
 

• In November 2023, Rhysida was behind the British Library cyberattack, stealing around 600 GB of data. The library refused to pay a ransom of nearly $1 million. 
• In December 2023, the group leaked data and details of the upcoming "Marvel's Wolverine" video game developed by Insomniac Games, also disclosing information belonging to multiple employees.
• In July 2024, the organization claimed to have stolen over 6 TB of data from the City of Columbus, Ohio, stealing private information from countless city workers. The city declined to pay the ransom, and there was no proof that the data was stolen or shown to the public.

The Port of Seattle issued a statement earlier this week revealing more about Rhysida's cyberattack last month:

“Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate.”