A ransomware attack executed by the Russian cybercriminal group Black Cat (formerly Blackmatter/The Darkside Group) disrupted Mabanaft GmbH’s operations in Germany on January 29, 2022. The attack leveraged a ransomware-as-a-service (RaaS) model, crippling part of Germany’s fuel delivery infrastructure. Approximately 233 petrol stations, primarily in northern Germany, faced disruptions, with payments halted at affected filling stations. The company declared force majeure for inland supply activities, forcing manual workarounds and rerouting fuel deliveries to alternative depots. While no operations outside Germany were impacted, the attack exposed vulnerabilities in critical energy infrastructure, prompting emergency security upgrades and collaboration with authorities. The financial motive was evident, though the ransom amount remained undisclosed. The incident underscored the fragility of supply chains against cyber threats, with cascading effects on regional fuel distribution and operational continuity.
Source: https://www.scmagazine.com/brief/encino-energy-claims-no-impact-from-alphv-ransomware-attack
TPRM report: https://www.rankiteo.com/company/enportbymbenergy
"id": "enp345092125",
"linkid": "enportbymbenergy",
"type": "Ransomware",
"date": "1/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': '~233 petrol stations (mostly in '
'northern Germany)',
'industry': 'Energy/Oil & Gas',
'location': 'Germany',
'name': 'Mabanaft GmbH',
'type': 'Private Company'},
{'industry': 'Energy/Oil & Gas',
'location': 'Germany',
'name': 'Oil Tanking GmbH Group',
'type': 'Private Company'}],
'attack_vector': 'Ransomware-as-a-Service (RaaS)',
'date_detected': '2022-01-29',
'description': 'A ransomware attack targeted Mabanaft GmbH and the Oil '
'Tanking GmbH Group in Germany on January 29, 2022. The '
"attack, attributed to the Russian cybercriminal group 'Black "
"Cat' (formerly 'Blackmatter' and 'The Darkside Group'), "
"disrupted Germany's fuel delivery system and halted payments "
'at ~233 petrol stations, primarily in northern Germany. The '
'attackers used a ransomware-as-a-service (RaaS) model, aiming '
'for financial gain. Mabanaft declared force majeure for '
'inland supply activities, and manual operations were required '
'at affected facilities. The companies initiated '
'investigations with external experts and collaborated with '
'authorities to resolve the incident.',
'impact': {'downtime': "Few days (partial disruption of Germany's fuel "
'delivery system)',
'operational_impact': 'Manual operations required at facilities; '
'rerouting to alternative supply depots',
'payment_information_risk': 'Payments halted at ~233 petrol '
'stations (primarily in northern '
'Germany)',
'systems_affected': ['Fuel delivery systems',
'Payment systems at petrol stations',
'Inland supply operations (force majeure '
'declared)']},
'investigation_status': 'Ongoing (with external experts and authorities)',
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': True,
'ransomware_strain': 'Black Cat (associated with '
'Blackmatter/The Darkside Group)'},
'response': {'communication_strategy': 'Public statement issued; '
'collaboration with authorities',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': 'Improved security of systems and '
'processes',
'third_party_assistance': True},
'threat_actor': 'Black Cat (formerly Blackmatter/The Darkside Group)',
'title': 'Ransomware Attack on Mabanaft GmbH and Oil Tanking GmbH Group',
'type': 'Ransomware Attack'}