At the end of August, Seattle-Tacoma International Airport (SEA) was the victim of a cyberattack that disrupted the airport’s internet, phone and email systems and sowed chaos and flight cancellations ahead of one of the year’s busiest travel periods, before Labor Day weekend.
Along with not being able to check in many passengers, Alaska Airlines (ALK) workers had to manually sort through tens of thousands of passenger bags that would have normally been assigned to carousels digitally.
But while airport and airline officials were eventually able to regain access to their software systems, a group claiming to be behind the attack had already seized certain data, which it has now posted on the dark web.
Here’s why a hacker group is now demanding ransom
During a Sept. 18 hearing with the Senate Commerce, Science and Transportation Committee, SeaTac Aviation Managing Director Lance Lyttle said that a ransom gang known as Rhysida is now also demanding 100 bitcoin (valued at some $6 million) to pull down the material. SeaTac Airport said it would not pay the ransom.
“On Monday, they posted on their dark website a copy of eight files stolen from Port systems and are seeking 100 bitcoin to buy the data,” Lyttle said without elaborating on what kind of documents were stolen.
He added that the airport is still working with the Federal Bureau of Investigation and the Transportation Security Administration to determine how the attack was orchestrated and to prevent it from happening again.
SeaTac on ransom: ‘We don’t think it’s the best use of public funds’
“We’re currently reviewing the files published on the leak site, as well as others we believe were copied,” Lyttle told the committee. “[With] regards to paying the ransom, that was contrary to our values and we don’t think it’s the best use of public funds.”
Lyttle further added that individuals — he did not specify whether they are travelers or airport employees — whose data was placed on the dark web would be contacted by airport authorities with instructions on what they need to do to protect themselves.
Australian cybersecurity news site Cyber Daily was one of the outlets that reported that the stolen data might include a scan of a passport belonging to a Port of Seattle program manager, tax forms filed by the airport and individual information such as Social Security numbers and signatures.
The site also reported that Rhysida put the data up for auction on the dark web and is offering it to criminals who pay the highest price until the ransom is met.
“The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Port of Seattle Executive Director Steve Metruck said in a separate statement, echoing the sentiment that doing this would not make it “a good steward of taxpayer dollars.”
A month before this attack, airports worldwide faced the famed “blue screen of death” after the CrowdStrike (CRWD) software used to run many airlines’ check-in systems experienced a breakdown. The situation was later found to be linked to a faulty configuration update rather than an attack by malicious actors.