The Christmas Day attack did not compromise operations, the Port Authority said.
Portugal’s third largest port suffered an attack by the LockBit ransomware gang over Christmas, according to a report in BleepingComputer. The Port of Lisbon is part of the critical infrastructure in Portugal’s capital city, serving container ships, cruise ships, and pleasure crafts.
The Port of Lisbon Administration (APL) said in a statement that the attack didn’t impact operational activity, but the company’s website remains unavailable at the time of writing this article.
According to the statement, “all security protocols and response measures planned for this type of occurrence were quickly activated”, with the situation being monitored by the National Cybersecurity Center and the Judiciary Police.
“The Administration of the Port of Lisbon (APL) is working permanently and closely with all the competent authorities, in order to guarantee the security of the systems and respective data”, the statement continued.
Files published on extortion site
The Portuguese authorities didn’t specify the nature of the attack or who was behind it. LockBit, however, uploaded Port of Lisbon to its leak site, a darknet website where the gang’s victims are announced.
LockBit claims to have stolen all of the data available on the port’s systems, including financial reports, audits, budgets, contracts, cargo information, ship logs, crew details, port documentation, email correspondence and more.
LockBit demands close to $1.5 million to restore the data. BleepingComputer notes, however, that the gang is offering to sell the data for the same amount to anyone wishing to access them immediately and exclusively.
The group has already published samples of the stolen data, but BleepingComputer could not verify their legitimacy. LockBit currently uses the third iteration of its encryptor, which powers the notorious ransomware-as-a-service (RaaS) operation. The group is one of the most prolific ransomware gangs currently active.