The ransomware attack has significantly disrupted the port's operations, highlighting the challenges that critical infrastructure providers face in the immediate aftermath of a cybersecurity breach. While recovery efforts are ongoing, the impact continues for some areas.
Most affected systems have been restored, but the port's website, internal portals, and the airport's mobile app remain offline. Despite this, officials reported that the majority of flights have adhered to their schedules, and cruise ship operations have remained unaffected.
The port made it clear that it refused to meet the attackers' demands, warning that the hackers may attempt to post stolen data on the dark web. In an update on Friday, the port stated, "The Port of Seattle does not plan to pay the criminals responsible for this cyberattack," said Steve Metruck, the port’s executive director. "Paying them would go against the values of the port and our responsibility to wisely manage taxpayer funds."
Port authorities have confirmed that some data was compromised by the Rhysida group in mid-to-late August. An investigation is ongoing to determine the specific nature of the stolen information, and those affected will be informed as soon as the analysis is complete.
In November 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory regarding the Rhysida group.
Metruck emphasized the port's efforts not only to restore operations but to use the experience to strengthen future security. "We remain committed to building a more resilient port and will share insights from this incident to help safeguard other businesses, critical infrastructure, and the public," he said.
