Key Takeaways
On Aug. 24, hackers attacked Seattle-Tacoma International Airport, crippling its baggage handling and ticketing systems and prompting a low-tech workaround: paper boarding passes and handwritten flight information scrawled on whiteboards.
Although the airport managed to avert a full-blown system capture, the hackers still gained access to certain parts of the system and stole important data.
Weeks later, the masterminds behind the attack are now demanding ransom in Bitcoin.
On Sept. 18, hackers posted a copy of eight files on the dark web and demanded a ransom of 100 Bitcoin ($6.2 million) from the Seattle airport operator to buy back the data.
According to a Fortune report, the Port of Seattle, the airport operator, has refused to pay the ransom, citing concerns about the responsible use of taxpayers’ money.
In a statement, the airport said, “Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data.”
The airport authorities suspect the hack was orchestrated by the notorious ransomware group Rhysida but didn’t reveal what documents were stolen.
The Federal Bureau of Investigation is currently looking into the airport data breach, and the airport said individuals whose data might have been stolen will be contacted individually.
The airport didn’t reveal what type of data was stolen but noted that assessing the “data taken is complex and takes time. In particular, if we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.”
Rhysida was reportedly behind the data breach that hit Ohio’s largest city on Aug. 14. However, the mayor claimed that the ransomware group only managed to steal corrupted and unusable data.
The cyber attack began on Aug. 24 and impacted baggage handling and ticketing systems, forcing the airport to offer paper-written boarding passes and use whiteboards to indicate flight timings.
Ransomware attacks have become a growing concern worldwide as cybercriminals continue to target critical public infrastructure and demand significant ransoms.
A crypto ransomware attack is a malware attack in which a hacker group manages to enter the systems of airports, shipyards, or railways.
They then install malware that encrypts the system’s critical files, bringing the key infrastructure to a standstill. Hackers then demand ransom to unlock the files and, in certain cases, threaten to sell critical data on the dark web.
Hackers often demand ransom in crypto because of its anonymous nature.
Ransomware attacks cost billions of dollars each year, with the annual toll ballooning severalfold over the past five years. According to one estimate, ransomware attacks have led to combined losses of $270 billion. The United States is the most affected country, with 47% of all ransomware attacks focused on US-based firms.