Port of Seattle’s refusal to pay bitcoin ransom highlights cybersecurity dilemma

By Taylor Soper
Sen. Maria Cantwell (left) shakes hands with Lance Lyttle, aviation managing director at the Port of Seattle, at a Senate Commerce Committee hearing this week to examine aviation cybersecurity threats. (Official U.S. Senate Photo / Renee Bouchard)

The Port of Seattle is dealing with a common conundrum facing victims of a ransomware attack: to pay, or not to pay.

Rhysida, the ransomware group that carried out an Aug. 24 cyberattack on the Port of Seattle last month, reportedly posted stolen files on the “dark web” and is seeking 100 bitcoin as payment, equivalent to around $6 million.

That’s according to Lance Lyttle, managing director of aviation for Sea-Tac Airport, who provided testimony at a Senate Commerce Committee hearing on aviation cybersecurity threats Wednesday in Washington, D.C.

He said Rhysida on Monday posted a copy of eight files stolen from Port systems. The Port is reviewing the files, he said, and it will notify individuals whose information is compromised and provide support.

The Port of Seattle said last week that it refused to pay a ransom demanded by Rhysida.

In regard to paying a ransom, Lyttle said on Wednesday: “That was contrary to our values and we don’t think it’s the best use of public funds.”

The decision to pay a ransom is a “highly debated topic,” said David McGuire, CEO at Seattle-based cybersecurity company SpecterOps.

“On one side you can regain access to your data, resume normal business operations, possibly eliminate that data being leaked, and more,” he said. “On the other side, there’s no guarantee of decryption, you’re not deterring future attacks, and there are legal and ethical issues at play.”

McGuire said the decision is highly dependent on an organization’s security infrastructure and ability to recover through backups and other means.

The FBI, which is leading the investigation into the Port of Seattle cyberattack, “does not support paying a ransom in response to a ransomware attack,” according to its website.

Security company TrueFort wrote in a blog post that paying a ransom “effectively funds criminal activities” and doing so “may inadvertently establish a precedent, signaling to other potential attackers that ransom demands are effective.”

Not paying a ransom can come at a cost. MGM Resorts, which was hit with a ransomware attack last year, refused to pay a ransom and incurred more than $100 million in lost revenue.

Casino operator Caesars was hit with an earlier attack and reportedly paid a ransom worth $15 million.

It’s still not clear how the Port of Seattle was hacked and what other data may have been compromised.

The data posted reportedly appears to include a scanned U.S. passport, tax identification forms, and other personally identifiable information, according to CyberScoop.

Rhysida previously claimed responsibility for cyberattacks on the British Library last year and the City of Columbus, Ohio this summer. It also targets hospitals and other government institutions.

Lyttle said the investigation is still ongoing. He said the Port has already identified a number of “lessons learned.”

“Even though we have robust cybersecurity systems in place, cyber criminals are always evolving their tactics,” Lyttle said. “We are continuing to work to further harden our cyber defenses, including strengthening our identity management and authentication protocols, as well as enhancing our monitoring.”

Some screens showing flight information were blacked out at Sea-Tac Airport as a result of a cyberattack. (Photo courtesy of David Niu)

Sen. Maria Cantwell (D-WA), who chairs the Senate committee, said Wednesday that cyberattacks on the aviation industry are up 74% since 2020.

Cantwell said cyberattacks and recent technology outages in aviation, including the CrowdStrike incident, “have made it clear that brittle infrastructure won’t cut it.”

The cyberattack and the Port of Seattle’s response to isolate critical systems resulted in an outage that shut down WiFi at Sea-Tac airport, caused delays to baggage services, and disrupted many screens inside the terminal showing flight information.

Cantwell was personally affected by the Sea-Tac cyberattack as she tried to catch a flight and couldn’t find information on the digital boards, which went dark due to the outage.

“We have to wake up and take these aviation threats seriously,” Cantwell said.

The outage did not impact flights or security checkpoints at Sea-Tac Airport, or cruise travel.

The travel experience at Sea-Tac is now “normal,” the airport announced last week.

However, the airport and Port’s websites are still down. Other services such as the airport’s lost and found and visitor pass program are still not accessible.

Previously: Cyberattack at Port of Seattle is the latest example of increasing threats to critical infrastructure

https://ift.tt/DSPh78C September 19, 2024 at 02:37PM GeekWire