Lockbit claims ransomware attack on Portuguese port

The criminals behind the Lockbit ransomware have claimed an attack on the port of Lisbon. The Portuguese port was attacked on Christmas Day, although the work would not have come to a standstill.

The Administração do Porto de Lisboa, one of Portugal’s largest ports, was hit by “a cyber incident” on Christmas Day, but the organization initially gave few details. In a statement to the Portuguese newspaper Publico said the port authority that the attack had no impact on the daily operations in the port. However, various services such as the website do not work properly.

Initially it was not clear what exactly had happened, although it was obvious that a ransomware infection had taken place in the port systems. That is now confirmed by the criminals behind Lockbit, a notorious ransomware gang. According to Bleeping Computer Lockbit claimed the attack. On the Lockbit website, the criminals threaten to publish stolen data if the port authority does not pay. The deadline expires on January 18.

According to the criminals, a lot of information has been stolen from both employees and from the port itself. This would include customer data, although it is not known which. In addition, financial reports and other company-sensitive data have been stolen, along with emails and shipping documents. The criminals want a million and a half dollars to destroy the data, but the criminals also sell the data to anyone willing to pay that amount.

It is not known whether the port authority intends to pay. According to a spokesman, the port had protocols ready for exactly such a situation, so that business operations were not compromised.