The Register: Rhysida ransomware gang ships off Port of Seattle data for $6M

Source URL: https://www.theregister.com/2024/09/17/rhysida_port_of_seattle/
Source: The Register
Title: Rhysida ransomware gang ships off Port of Seattle data for $6M

Feedly Summary: Auction acts as payback after authority publicly refuses to pay up
The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for 100 Bitcoin (around $5.9 million).…

Summary: The text discusses a recent ransomware attack on the Port of Seattle by the Rhysida group, highlighting their tactics of selling stolen data instead of leaking it. The attack resulted in extensive personal data being compromised, and the Port is focusing on strengthening its security posture in response.

Detailed Description:

– **Ransomware Tactics**: The Rhysida group has opted to sell stolen data, advertising information allegedly belonging to the Port of Seattle for 100 Bitcoin. This reflects a shift in tactics among ransomware groups, from extortion through public leaks to private sales.
– **Data Compromised**: The stolen data reportedly includes sensitive information such as:
  – Full names
  – Social security numbers
  – Dates of birth
  – Home addresses
  – Phone numbers
  – Other personal identifiers like heights and weights, hair and eye colors, signatures, and passport scans.
– **Internal Credentials**: The attackers claim to possess internal login credentials of Port employees, heightening the security threat.
– **Comparison with Other Ransomware Groups**: The article points out parallels with other ransomware groups, such as Meow and RansomHub, that have engaged in similar private sale strategies.
– **Expert Opinion**: Sergey Shykevich from Check Point Research expressed skepticism regarding the profitability of this tactic, suggesting it may be more about differentiation and pressure on victims rather than a sustainable business model.
– **Port of Seattle’s Response**:
  – The Port confirmed the ransomware attack and indicated successful containment measures.
  – It explicitly stated that it has refused to pay the ransom, maintaining that there has been no new unauthorized activity since the attack.
  – The Port is actively monitoring its systems and working to restore services disrupted by the attack.
– **Security Measures and Future Outlook**:
  – The Port of Seattle is focusing on improving its security posture, which will include:
    – Enhancements to security controls and continuous monitoring.
    – Implementation of stronger identity management and authentication protocols.

This incident underscores the evolving landscape of ransomware, where the focus is shifting towards more discreet forms of monetization, and highlights the critical importance of robust security frameworks for organizations, particularly in connection with sensitive personal and internal data.