LockBit Group Claims Attack on Port of LisbonWebsite Remains Down Following Christmas Day Attack
The LockBit ransomware group has listed Portugal's Port of Lisbon's data just days after authorities confirmed the port was targeted in a cyberattack.
Portuguese news outlet Publico reported hackers compromised the network of the Port of Lisbon on Christmas Day. Speaking to the publication, the port authorities revealed the incident did not affect the port's operations, but they added the Port of Lisbon Administration is working with law enforcement agencies to retrieve the exfiltrated data.
In a message posted to its hack and leak site a day after the attack was reported, LockBit claimed it has stolen all data belonging to the Port of Lisbon. These include financial reports, budgets and personal data of customers, as well as mail correspondence of the staff. The group, which gave the authorities a deadline of Jan.18, demanded a ransom of $1.5 million to download or destroy the data. It further threatened to leak the exfiltrated data if the Port of Lisbon failed to respond within the given deadline.
Port of Lisbon is the third-largest port in Portugal, consisting of five cruise ship docks. It is also the most accessed port in Europe because of its strategic location. As of Friday, the port's website remains down. The port did not respond to a request for comments.
LockBit is a prolific ransomware group that has been active since late 2019 and is often considered the winner of the contest to succeed Conti as the world's most recognized digital extortion gang. Among its victims in the recent past are French defense multinational Continental.
The group earned a wave of media coverage when in June it announced a bug bounty program.
In November, Canadian law enforcement arrested suspected LockBit affiliate Mikhail Vasiliev, 33, in Ontario in an international sting conducted with the involvement of the FBI and the French National Gendarmerie (see: Accused LockBit Ransomware Operator Arrested in Canada).