On Christmas Day 2022, the Port of Lisbon fell victim to a ransomware attack executed by the cybercriminal group LockBit, resulting in a severe data breach. The attackers exfiltrated highly sensitive operational and financial data, including financial reports, audits, budgets, contracts, cargo information, ship logs, and port documentation. To escalate pressure, LockBit published samples of the stolen data and threatened to leak all seized files unless a $1.5 million ransom was paid. The breach exposed critical infrastructure data, risking operational disruptions, financial fraud, and reputational damage. The attack targeted core port functions, potentially jeopardizing trade logistics, regulatory compliance, and stakeholder trust. Given the scale of data theft—spanning financial, contractual, and logistical records—the incident poses existential threats to the port’s operations, supply chain integrity, and long-term viability. The involvement of ransomware further amplifies the severity, as non-compliance with demands could trigger full-scale data exposure, compounding legal, financial, and strategic repercussions.
Source: https://www.porttechnology.org/news/cyber-attack-threatens-release-of-port-of-lisbon-data/
https://industrialcyber.co/news/port-of-lisbon-targeted-by-lockbit-ransomware-hackers-website-still-down/">https://maritime-executive.com/article/cyberattack-threatens-release-of-port-of-lisbon-data
https://www.porttechnology.org/news/cyber-attack-threatens-release-of-port-of-lisbon-data/
TPRM report: https://www.rankiteo.com/company/porto-de-lisboa
"id": "por221092125",
"linkid": "porto-de-lisboa",
"type": "Ransomware",
"date": "6/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'transportation/logistics',
'location': 'Lisbon, Portugal',
'name': 'Port of Lisbon',
'type': 'government (port authority)'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'sensitivity_of_data': 'high (confidential port operations '
'and financial data)',
'type_of_data_compromised': ['financial records',
'operational documents',
'contracts',
'cargo/ship logs']},
'date_detected': '2022-12-25',
'description': 'The Port of Lisbon suffered a ransomware attack and data '
'breach on Christmas Day 2022, raising concerns about the '
'potential exposure of confidential information. The attackers '
'(LockBit) stole financial reports, audits, budgets, '
'contracts, cargo information, ship logs, and port '
'documentation. They published samples of the stolen data and '
'threatened to release all files if their $1.5 million ransom '
'demand was unmet.',
'impact': {'brand_reputation_impact': 'high (potential exposure of '
'confidential port operations)',
'data_compromised': ['financial reports',
'audits',
'budgets',
'contracts',
'cargo information',
'ship logs',
'port documentation']},
'initial_access_broker': {'high_value_targets': ['financial records',
'operational data']},
'motivation': 'financial gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': '$1.5 million',
'ransomware_strain': 'LockBit'},
'threat_actor': 'LockBit',
'title': 'Ransomware Attack and Data Breach at the Port of Lisbon',
'type': ['ransomware', 'data breach']}