Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime

LockBit Group Claims Attack on Port of Lisbon

Website Remains Down Following Christmas Day Attack
LockBit Group Claims Attack on Port of Lisbon
Photo: Porto de Lisboa, via Flickr/CC

The LockBit ransomware group has listed Portugal's Port of Lisbon's data just days after authorities confirmed the port was targeted in a cyberattack.

See Also: Ransomware Response Essential: Fixing Initial Access Vector

Portuguese news outlet Publico reported hackers compromised the network of the Port of Lisbon on Christmas Day. Speaking to the publication, the port authorities revealed the incident did not affect the port's operations, but they added the Port of Lisbon Administration is working with law enforcement agencies to retrieve the exfiltrated data.

In a message posted to its hack and leak site a day after the attack was reported, LockBit claimed it has stolen all data belonging to the Port of Lisbon. These include financial reports, budgets and personal data of customers, as well as mail correspondence of the staff. The group, which gave the authorities a deadline of Jan.18, demanded a ransom of $1.5 million to download or destroy the data. It further threatened to leak the exfiltrated data if the Port of Lisbon failed to respond within the given deadline.

Port of Lisbon is the third-largest port in Portugal, consisting of five cruise ship docks. It is also the most accessed port in Europe because of its strategic location. As of Friday, the port's website remains down. The port did not respond to a request for comments.

LockBit is a prolific ransomware group that has been active since late 2019 and is often considered the winner of the contest to succeed Conti as the world's most recognized digital extortion gang. Among its victims in the recent past are French defense multinational Continental.

The group earned a wave of media coverage when in June it announced a bug bounty program.

In November, Canadian law enforcement arrested suspected LockBit affiliate Mikhail Vasiliev, 33, in Ontario in an international sting conducted with the involvement of the FBI and the French National Gendarmerie (see: Accused LockBit Ransomware Operator Arrested in Canada).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.