Labor Day travelers urged to take precautions as Seattle airport struggles with cyberattack effects

Avatar

Seattle’s airport, which is still struggling to recover from a cyberattack announced earlier this week that has knocked out its Wi-Fi and forced employees to use dry-erase boards for guidance, urged Labor Day travelers to arrive earlier to mitigate delays.

Seattle-Tacoma International Airport sent out warning messages on Thursday in anticipation of a surge of travelers leaving the city for the three-day weekend. While the airport has remained open since the cyberattack was first discovered on Saturday, screens throughout the facility have been down and some airlines have had to manually sort through bags.

On Thursday the airport said it was able to bring some baggage sorting operations back online earlier this week but is still working on fully restoring baggage systems.

“Biggest impact to travelers is for those flying internationally & low volume carriers. These airlines are not able to access our common use online systems & may be utilizing manual written boarding passes and luggage checks, which is causing some longer lines for their customers,” they said.

“We’re working with airline partners to start the process of turning on and testing systems for our common-use carriers (international and lower-volume airlines). We’ll continue to monitor the status of these tests.”

The airport said Frontier, Spirit, Sun Country, JetBlue and international airlines are specifically affected, urging travelers on these carriers to check with their airline on when to arrive at ticketing.

Flight and baggage display boards around the airport are still down — employees have provided customers with written guidance on dry-erase boards.

Some services, like lost and found, are still down and will only process inquiries once they are back up and running. 

All passengers were told to use their airline apps to get mobile boarding passes and to check baggage digitally before arriving at the airport. 

The Port of Seattle — a government agency that owns the airport, parks, container terminals and more — was also affected by the attack and said it is also struggling to recover. Its website is still down as of Friday afternoon. 

They added that passengers should arrive at least two hours before domestic flights and three hours before international flights. 

The Port of Seattle and Seattle-Tacoma International Airport did not respond to repeated requests for comment about whether they are dealing with a ransomware attack.

When the incident was discovered early on August 24, their IT team isolated critical systems and called in federal authorities to assist with the recovery. The port said on Thursday that it began the process of turning on and testing systems used by the most affected airline carriers but that the tests are ongoing. 

No ransomware gang or hacking group has taken credit for the incident. 

Another west-coast airport was named by ransomware hackers this week. The Hollywood Burbank Airport was listed on the leak site of the BlackSuit ransomware gang on Thursday.

Mike Christensen, a spokesperson for Hollywood Burbank Airport, told Recorded Future News that despite the claims, their facilities continue to operate as normal.

“The staff at Hollywood Burbank Airport are aware of the posts on social media platforms indicating that there was a ‘ransomware attack’ on our facility,” he said. 

“Hollywood Burbank Airport can confirm that we are aware of the attempt to interfere with our systems and we are working with appropriate authorities to ensure the smooth and continued operation of those systems.”

CybercrimeGovernmentNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Suspected North Korean hackers targeted crypto industry with Chromium zero-day

Next Post

Malicious North Korean packages appear again in open source code repository

Related Posts

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are
Avatar
Read More