$6 Million in Bitcoin Demanded as Ransom in Seattle Airport Hack

Photo byZoshua ColahonUnsplash

A cyberattack that crippled operations at Seattle-Tacoma International Airport (SEA) in late August has led to a ransom demand.

The incident, which occurred just before the busy Labor Day weekend, disrupted internet, phone, and email systems, causing widespread chaos and flight cancellations.

The attack forced Alaska Airlines to manually process tens of thousands of passenger bags, a task typically handled digitally. Despite the challenges, airport and airline officials were eventually able to restore their software systems. However, the damage had already been done.

A group claiming responsibility for the attack had stolen sensitive data and posted it on the dark web.

During a Senate hearing, SeaTac Aviation Managing Director Lance Lyttle revealed that the ransom gang known as Rhysida is demanding 100 Bitcoin, approximately $6 million, to remove the stolen data. The airport has firmly stated that it will not pay the ransom.

"On Monday, they posted a copy of eight files stolen from Port systems on their dark website and are seeking 100 Bitcoin to buy the data," Lyttle said, without disclosing the specific contents of the stolen documents.

The airport is working closely with the Federal Bureau of Investigation and the Transportation Security Administration to investigate the attack and prevent future incidents.

"We're currently reviewing the files published on the leak site, as well as others we believe were copied," Lyttle told the committee. "Regarding paying the ransom, that was contrary to our values and we don't think it's the best use of public funds."

Individuals whose personal information was compromised in the attack will be contacted by airport authorities to receive guidance on protecting themselves.

According to Australian cybersecurity news site Cyber Daily, the stolen data may include a passport scan belonging to a Port of Seattle program manager, tax forms, and sensitive personal information such as Social Security numbers and signatures.

Rhysida is reportedly auctioning off the data on the dark web, offering it to the highest bidder until the ransom is met.

The Port of Seattle has stated its refusal to pay the ransom, emphasizing its commitment to responsible stewardship of taxpayer funds.