Sea-Invest

SEA-Invest, a major port operator managing 24 seaports across Europe and Africa, fell victim to a Conti Ransomware attack on January 30, 2022, orchestrated by the Gold Ulrick cybercriminal group. The attack targeted the company’s IT networks, leading to severe operational disruptions. Six critical oil terminals in key ports Antwerp, Ghent, Terneuzen, and Amsterdam were directly impacted, forcing partial or full suspension of operations. The attack disrupted oil flows across the Netherlands, Belgium, and Germany, causing logistical and economic ripple effects. While the primary motive was financial gain, the scale of the disruption affected cross-border trade, energy supply chains, and port services. The incident highlighted vulnerabilities in maritime cybersecurity, with potential long-term consequences for regional trade and infrastructure stability. The attack’s broader impact extended beyond SEA-Invest, raising concerns about the resilience of Europe’s port and energy sectors against ransomware threats.

Source: https://www.bbc.com/news/technology-60250956

TPRM report: https://www.rankiteo.com/company/sea-invest

"id": "sea256092125",
"linkid": "sea-invest",
"type": "Ransomware",
"date": "1/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"

{'affected_entities': [{'industry': ['maritime', 'logistics', 'oil terminals'],
                        'location': ['Europe', 'Africa'],
                        'name': 'SEA-Invest',
                        'type': 'company'}],
 'date_detected': '2022-01-30',
 'date_publicly_disclosed': '2022-01-30',
 'description': 'SEA-Invest suffered a cyber attack on January 30, 2022, by '
                'the Conti Ransomware Gang (Gold Ulrick) using Conti '
                'ransomware. The attack disrupted IT systems across 24 '
                'seaports in Europe and Africa, including six oil terminals in '
                'Antwerp, Ghent, Terneuzen, and Amsterdam. Operations were '
                'suspended, impacting oil flows in the Netherlands, Belgium, '
                'and Germany. The motivation was financial gain.',
 'impact': {'operational_impact': ['suspended operations',
                                   'disrupted oil flows (Netherlands, Belgium, '
                                   'Germany)'],
            'systems_affected': ['IT networks',
                                 '24 seaports (Europe & Africa)',
                                 '6 oil terminals (Antwerp, Ghent, Terneuzen, '
                                 'Amsterdam)']},
 'motivation': 'financial gain',
 'ransomware': {'ransomware_strain': 'Conti'},
 'threat_actor': ['Conti Ransomware Gang', 'Gold Ulrick'],
 'title': 'SEA-Invest Ransomware Attack by Conti Gang (2022)',
 'type': ['ransomware', 'cyber attack']}

Sea-Invest

Asahi, City of Sugar Land and Government of Palau: Researchers warn of Qilin ransomware gang after group hit hundreds of orgs this year

Rumpke: Rumpke settles lawsuit over employee data stolen in cyberattack

deVixor: New Android Banking Malware ‘DeVixor’ Adds Ransomware Capabilities