Seattle airport 'possible cyberattack' snarls travel yet again

The Port of Seattle, which operates the Seattle-Tacoma International Airport, is investigating a "possible cyberattack" after computer outages disrupted the airport's operations and delayed flights.

The internal internet and web systems outage occurred early Saturday morning, according to an Xeet by the official account belonging to the airport, which serves as a traffic hub for Alaska Airlines and Delta Air Lines. 

In a subsequent Xeet, the Port of Seattle confirmed it had "isolated critical systems and is in the process of working to restore full service and do not have an estimated time for return."

The disruptions continued through Sunday, with the airport urging travelers to check in before arriving at Sea-Tac, and give themselves extra time to get to their gates. We're told terminal screens were also experiencing technical difficulties, adding to the disruption.

Airport goers reported long lines as multiple airlines issued tickets by hand, and local media said "thousands" of travelers were affected.

As of Monday, the Port's website remained offline. While airport and port authorities did not immediately respond to The Register's inquiries about the cyberattack, including whether it was a ransomware infection, the transportation authorities told ABC that the federal government was involved in the probe.

"We are conducting a thorough investigation with the assistance of outside experts," Lance Lyttle, aviation managing director at Seattle-Tacoma International Airport, said in a statement. 

"We have contacted and are working closely with federal partners, including TSA and Customs and Border Protection," Lyttle added.

A CISA spokesperson told The Register: "CISA is aware and working with our stakeholders in monitoring the incident."

The likely cyberattack comes as ransomware gangs batter critical infrastructure including transportation organizations. 

• Ransomware batters critical industries, but takedowns hint at relief
• Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late
• Halliburton probes 'an issue' disrupting business ops
• AMD internal data reportedly offered for sale

Of the 395 ransomware attacks claimed by criminals in July, more than a third (125 or 34 percent) targeted these critical industries, according to NCC Group. 

The researchers noted that these essential services and facilities make them "valuable targets" to financially motivated criminals, and said "ransomware actors pressure these targets into payment, exploiting their need to remain operational."

Plus, to make matters worse for weary travelers, the weekend cyberattack comes a month after a faulty CrowdStrike update caused a global outage that also snarled flights at airports around the world. ®