The Port of Seattle has confirmed that the system outage experienced in August was indeed the result of a ransomware attack. This revelation came during a news release on September 13, where the port identified the perpetrating group as Rhysida, known for other high-profile attacks, including one on the City of Columbus.
In its statement, the Port of Seattle emphasized a firm stance against paying the ransom demanded by the attackers. "Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars," said Port officials. They acknowledged the potential repercussions, mentioning that Rhysida may retaliate by releasing stolen data on the dark web.
"Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars,"
The port expressed its commitment to restoring its systems while simultaneously laying the groundwork for a more resilient operational framework. “We continue working with our partners to not just restore our systems but build a more resilient port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public,” the statement further noted.
As of now, officials at the Port of Seattle report that there has been no evidence of unauthorized activity since the incident, suggesting that their defensive measures have been effective. The port is actively assessing what data may have been compromised and assures that it will notify all stakeholders who could potentially be affected.
Cybersecurity expert Dave Henderson, CEO of CyberStreams, provided critical insights into the modus operandi of Rhysida. “Rhysida will typically use a phishing attack to gain initial access to an organization, and then sometimes they’ll lurk around in that organization for quite a while,” said Henderson. He highlighted that the ultimate aim for such groups is to identify sensitive servers and systems from which they can extract valuable data.
While larger entities like the Port of Seattle may appear to be prime targets for such cyberattacks, Henderson warned that small businesses are equally susceptible. “Attacking 50 small businesses that are maybe more likely to pay a ransom can also be very lucrative,” he stated. This indicates that the threat landscape is broad and that any organization can become a potential target.
Henderson also elaborated on the financial implications of ransomware incidents. He noted, "I just heard about a business that got attacked, and in the first two days, they spent $60,000 just dealing with the incident.” Such realities highlight the importance of having robust cybersecurity preparations in place.
He advised companies to invest in cybersecurity insurance, which can provide vital support during hacking incidents and assist in decision-making processes in crisis situations. It’s a recommendation that emphasizes the need for a proactive approach to cybersecurity in the ever-evolving digital landscape.
Looking Ahead
The Port of Seattle continues its efforts to fortify its defenses against future cyber threats, recognizing the paramount importance of safeguarding both its infrastructure and stakeholders. As cyberattacks become more sophisticated, the decision to refrain from paying ransoms could pave the way for more resilient models of cybersecurity governance in the future.