Ransomware: they encrypt the systems of the Port of Lisbon and ask for almost 1.5 million euros

The Lockbit ransomware group asks for almost 1.5 million euros to return critical information from the Lisbon Port Administration. The data was encrypted about two weeks ago.

Among the encrypted information there is data that includes information from workers and clients, financial reports, contracts and electronic correspondence, among others, and they set a limit of January 18.

Ransomware is a type of virus that makes information inaccessible in order to demand a ransom in exchange. Its name is an acronym for “data rescue program” : ransom in English means ransom, and ware is a shortening of the well-known word software: a data ransomware program. Ransomware is a subtype of malware, an acronym for “malicious software.”

The local press in Portugal added that the cybercriminals threatened to disclose the extracted documentation in the event that they do not receive payment.

The Board of Directors of the Port of Lisbon (the main maritime transport terminal in Portugal) recently acknowledged in a statement that on December 25 it was the victim of a computer attack and that security protocols were “quickly” activated, “being guaranteed the operational activity”.

The entity added that the case has the support of the National Cybersecurity Center and the Portuguese Judicial Police “to guarantee the security of the systems and their data.”

Still, he acknowledged that some service limitations could occur in the following days.

It is not the first time that the country has suffered problems related to cybercrime. Portugal has registered in 2022 computer attacks against different institutions, such as Vodafone Portugal, the TAP airline, the Impresa group, the Ministry of Foreign Affairs, the Lusa news agency and the MC firm of the Portuguese multinational Sonae, among others.

Lockbit, one of the biggest bands

Lockbit is one of the largest cybercrime gangs in the world. His local victims include prepaid Osde, which saw a large amount of leaked patient information, and Ingenio Ledesma. Globally, they managed to access the systems of nearly 200 victims, from airlines, automotive and mining companies to media, hospitality and transport companies.

His motive is purely economic: “ The higher the company’s income, the better. There are no decisive factors , if there is a target, you have to work on it. The location of the target does not matter, we attack everyone who comes our way.” puts it in the crosshairs,” said one of its members in an interview with the security company Flashpoint.

To understand the model under which Lockbit operates, it is necessary to take into account that they have affiliates, in a system called RaaS: Ransomware As a Service.

“The gangs that have this modality put their malicious code up for sale. This is generally through the dark web: there they sell their encryption program and look for someone to deploy it. The partner or affiliate can be an employee of the attacked company, or someone who bought the service to deposit it with a victim, because they have privileged access,” Arturo Torres, Intelligence Strategist against threats for FortiGuard Labs for Latin America and the Caribbean, describes to Clarín. .

The port of Lisbon fell prey to this type of cybercrime .



© Lockbit