On September 20, the Port of Barcelona suffered a targeted Ryuk ransomware attack. The attackers used manual hacking techniques and open-source tools to move laterally through private networks, and gained administrative access across multiple systems before deploying file encryption. Ryuk encrypted files with AES-256, sparing only critical system files (e.g., `.dll` and `.exe` files and the Windows System32 directory) and browser and Recycle Bin data. The attack disrupted internal IT systems but did not halt shipping operations or port logistics. The incident highlights the vulnerability of critical infrastructure to sophisticated ransomware campaigns and the need for robust lateral movement defenses and privileged access controls. No public reports confirmed data exfiltration or ransom demands, but the operational disruption and potential financial and reputational costs, given the port’s role in global trade, remain significant concerns. Recovery efforts likely involved system restoration from backups and forensic investigations to mitigate future risks.
TPRM report: https://www.rankiteo.com/company/portdebarcelona
"id": "por853092125",
"linkid": "portdebarcelona",
"type": "Ransomware",
"date": "9/2018",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'transportation/logistics',
'location': 'Barcelona, Spain',
'name': 'Port of Barcelona',
'type': 'government/port authority'}],
'attack_vector': ['manual hacking techniques',
'lateral movement via private networks',
'open-source tools for privilege escalation'],
'data_breach': {'data_encryption': 'AES-256 (files encrypted by Ryuk)'},
'date_detected': '2023-09-20',
'description': 'On September 20, the port of Barcelona was hit by a Ryuk '
'ransomware attack. The attackers used manual hacking '
'techniques and open-source tools to move laterally through '
'private networks and gain administrative access to as many '
'systems as possible before initiating file encryption. Ryuk '
'encrypted all files except those with the extensions dll, '
'lnk, hrmlog, ini, and exe, and skipped files in Windows '
'System32, Chrome, Mozilla, Internet Explorer, and Recycle Bin '
'directories. The attack used AES-256 encryption and only '
'affected internal IT systems, without disrupting shipping '
'movements in and out of the harbor.',
'impact': {'operational_impact': 'none (shipping movements unaffected)',
'systems_affected': 'internal IT systems'},
'initial_access_broker': {'high_value_targets': 'internal IT systems '
'(administrative access)'},
'motivation': 'financial (ransomware)',
'ransomware': {'data_encryption': 'AES-256', 'ransomware_strain': 'Ryuk'},
'title': 'Ryuk Ransomware Attack on the Port of Barcelona',
'type': 'ransomware'}