SEATTLE — Washington Sen. Maria Cantwell (D-WA) said at a congressional hearing Wednesday that a Russian criminal organization requested $6 million worth of Bitcoin from the Port of Seattle in last month's ransomware attack.
The Port of Seattle said last month that a criminal organization behind the attack, known as Rhysida, stole data in a ransomware attack discovered on Aug. 24. Officials said the attackers encrypted access to some data before the port disconnected its systems from the Internet. The combination of the attack and encryption hindered services including baggage, check-in kiosks, ticketing, WiFi and more.
Lance Lyttle, Port of Seattle managing director of aviation, said the criminal group posted a copy of eight files stolen from the port's system on its dark website Monday. Port officials are reviewing the files and others believed to have been copied by the criminal organization.
Lyttle said at the hearing Wednesday that officials will notify any individual whose information was compromised in the ransomware attack. He said the Port of Seattle will not pay the ransom asking price, which was 100 Bitcoin.
The Federal Bureau of Investigation (FBI) is investigating the attack.
“Sea-Tac’s situation isn’t unique," Cantwell said Wednesday. "Across the country we’ve seen troubling examples of cybervulnerabilities in our aviation sector.”
Lyttle said the ransomware attack had a magnified impact on passengers because SEA is designed to serve 30 million passengers every year, but is tracking to have over 52 million travelers in 2024. The airport is also undergoing a major renovation, compacting the issue for passengers, Lyttle said.
“We regret any inconvenience," Lyttle said. "At no point did this incident impact our ability to safely travel through the airport or the port’s maritime facility.”
Since the ransomware attack, Lyttle said the port has prioritized several ways to improve its cybersecurity defenses, including improved authentication protocol and enhanced monitoring.
“I’m incredibly proud of how our team sprung into action to keep our airport operating, especially over the busy Labor Day travel period," Lyttle said.
Cantwell said Wednesday it's important for the public to have confidence in the federal government to ensure their safety while traveling through airports.
The Washington senator said the FAA Reauthorization Act of 2024 was signed into law. The legislation included provisions to strengthen cybersecurity and directed the Federal Aviation Administration (FAA) to establish a process to identify aviation cyber threats.
Cantwell said the FAA and the Transportation Security Administration (TSA) issued cybersecurity requirements for airports, airlines and manufacturers in 2023.
According to Cantwell, cyberattacks have been increasingly common throughout the country. The senator cited statistics indicating that cyberattacks on frequent flier accounts are up 166% this year.
“Brittle infrastructure won’t cut it," Cantwell said.