Cyberattack Threatens Release of Port of Lisbon Data

Lisbon ransomware attack
Port Authority of Lisbon is reportedly being subjected to an ongoing ransomware attack (Lisbon file photo)

Published Dec 29, 2022 6:34 PM by The Maritime Executive

The Port of Lisbon, one of Europe’s busiest ports is under cyberattack with reporting indicating the criminals are threatening to release confidential port financial information unless their ransom demands are met. The Portuguese newspaper Publico is quoting a statement from the port authority confirming that it was attacked on Christmas Day but saying that it has been able to continue operations.

“All security protocols and response measures planned for this type of occurrence were quickly activated,” according to the statement cited by Publico. “The Administration of the Port of Lisbon is working permanently and closely with all the competent authorities, in order to guarantee the security of the systems and respective data.”

Reports indicate that the cyberattack was launched on December 25 taking down the port’s website and internal computer systems. The website remains offline four days later.



Cyber analysts are reporting that the attack was staged using a widespread malicious software program called LockBit. The perpetrators posted statements to the “dark web” demanding a ransom of $1.5 million and setting a deadline on January 18 for the payment. 

According to their postings, they were successful in capturing a broad range of confidential data from the port authority. They are claiming to be in possession of financial reports, company audits, budgets, contracts, cargo manifests, ship logs, information about crewmembers, personal data of customers, and port documentation, among other vital Port of Lisbon information. 

Security analysts are reporting that LockBit is one of the most widespread and problematic ransomware gangs of 2022. By some estimates, they have been behind a third of all the claims of cyberattacks posted in 2022 hitting over 1,200 organizations worldwide. They have been liked to attacks ranging from European oil terminals earlier in 2022 to a breach detected earlier this month by California’s Department of Finance. The group claimed to have stolen 76 terabytes of data ranging from financial data to court records. The California Office of Emergency Services later confirmed without providing details that a dangerous “intrusion” had been discovered by state and federal authorities.

The Port of Lisbon, which has more than 3,500 vessel calls annually handling over 13.4 million tons of cargo, is reporting the port operations are functioning this week despite the cyberattack.