Hackers demand $6 million in bitcoin from Seattle-Tacoma International Airport, threatening to release stolen data.
At a Glance
- Ransomware gang Rhysida attacked Sea-Tac Airport on August 24, 2024
- Hackers demand 100 bitcoins (approximately $6 million) for stolen data
- Port of Seattle refuses to pay the ransom
- FBI conducting criminal investigation into the cyberattack
- Airport operations disrupted for over three weeks
Cyber Criminals Target Major U.S. Airport
In a brazen attack on American infrastructure, the Seattle-Tacoma International Airport fell victim to a ransomware attack by the criminal gang Rhysida on August 24, 2024. The cyber assault, occurring just before the Labor Day holiday weekend, crippled airport systems and caused significant operational challenges for one of the nation’s busiest travel hubs.
The attack disrupted critical airport functions, including ticketing, check-in kiosks, and baggage handling systems. Smaller airlines were forced to resort to paper boarding passes, while airport staff had to use handwritten gate information and makeshift signage to guide confused travelers. Despite these setbacks, flights continued to operate, demonstrating the resilience of airport personnel in the face of adversity.
The hackers behind last month’s cyberattack on Seattle-Tacoma International Airport are demanding a 100-bitcoin ransom — about $6 million — for stolen data. The Port, which owns and operates Sea-Tac, has decided not to pay.https://t.co/iTGDEWZaKz
— The Seattle Times (@seattletimes) September 18, 2024
Hackers’ Demands and Port of Seattle’s Response
The Rhysida gang has demanded a staggering 100 bitcoins, equivalent to approximately $6 million, in exchange for the stolen data. To exert pressure on airport authorities, the hackers posted eight stolen files on the dark web, threatening to release more sensitive information unless their demands are met.
“On Monday, they posted on their dark website a copy of eight files stolen from Port systems and are seeking 100 bitcoin to buy the data,” stated Lance Lyttle, the airport’s aviation managing director.
However, the Port of Seattle, which operates the airport, has taken a firm stance against capitulating to these demands. Port officials have declared that paying the ransom would not be a responsible use of taxpayer money, choosing instead to focus on system recovery and enhancing cybersecurity measures.
Impact on Passengers and Airport Operations
The cyberattack had a significant impact on airport operations and passenger experiences. U.S. Senator Maria Cantwell highlighted the difficulties faced by travelers during a Senate Commerce, Science, and Transportation Committee hearing.
“The display boards were down for a week. I personally ran through the airport trying to catch a flight, not sure if I was going to the right gate. I had something on my device, but since all the boards were dark, I had no idea if I was going to get to my gate, or if that was really going to be the gate,” Sen. Cantwell recounted. “Employees had paper signs directing passengers on where to get to a gate. Check-in kiosks were down, too, forcing passengers to wait in line for paper tickets. Other passengers endured long waits at baggage claim as airport staff manually sorted through the checked bags in the terminal.”
While most systems have been restored, some internal functions and the airport’s website remained compromised weeks after the initial attack, underscoring the severity and persistence of the cyber threat.
Federal Investigation and Future Cybersecurity Measures
The FBI has launched a criminal investigation into the cyberattack, working alongside airport authorities to uncover the full extent of the breach and prevent future incidents. Lance Lyttle has committed to conducting a thorough after-action report to determine the specifics of the attack, with plans to share findings across the aviation industry.
“We are focusing on recovery right now, and once that is complete, we will conduct an after-action report to determine exactly what happened,” Lyttle said. “We intend to share those findings industrywide and with the committee.”
Senator Cantwell has advocated for stronger cybersecurity measures in the aviation sector, including the FAA Reauthorization Act of 2024, which mandates the establishment of a cybersecurity threat management process. This incident at Sea-Tac Airport serves as a stark reminder of the vulnerabilities in our critical infrastructure and the urgent need for robust cyber defenses to protect America’s transportation systems from increasingly sophisticated digital threats.