Cyber Incident Victim: Port of Kennewick

Date: Nov 2020

Location: United States of America

Summary

Hackers encrypted a Washington port's computer servers and files, demanding a $200,000 ransom for decryption, but the organization refused payment under FBI guidance due to uncertainties about receiving a functional key. The port prioritized restoring operations through offline backups and rebuilding systems, with email functionality expected within a day and full data recovery anticipated to take several days while cooperating with federal investigators. The attack employed sophisticated encryption without known decoders, though the port's technology contractor assessed no compromise of individual data, characterizing the incident as a system-locking effort rather than data theft. Recovery costs depended on repair duration, with plans to implement enhanced security measures following the incident.

Description

On November 17, 2020, the Port of Kennewick in Washington experienced a sophisticated cyberattack that encrypted its computer servers and files, rendering critical systems inaccessible. Hackers demanded a $200,000 ransom in exchange for an encryption key to restore access. The port, under FBI guidance and with input from technology professionals, refused payment due to the absence of guarantees that the attackers would honor the agreement. The attackers employed what the port described as 'military-grade encryption,' for which neither the FBI nor the Washington State Office of Cyber Security possessed a known decoder. Initial assessments indicated the attack’s primary objective was to coerce payment through system lockdown rather than to exfiltrate or compromise sensitive data. The port’s information technology contractor found no evidence that individual data had been accessed or stolen.

In response, the port initiated recovery efforts by collaborating with the FBI and its IT contractor to rebuild systems using offline backups. Restoration priorities included reactivating the email server, which was offline but expected to resume operations by November 18 following overnight work. Reconstructing other offline data was projected to take several additional days, partly due to delays caused by the contractor’s concurrent assistance with the FBI’s investigative requests. The port’s deputy chief executive confirmed that regular server upgrades and security software updates had been implemented prior to the incident under contractor and consultant oversight. Recovery costs remained undetermined, contingent on the contractor’s labor hours required to repair damaged systems. Post-recovery plans included enhancing security protections to prevent future attacks. Operational impacts included prolonged email outages and delays in data accessibility during the restoration period.
