LockBit ransomware gang strikes the Port of Lisbon, demands a $1.5m ransom

The Port of Lisbon Administration (APL), has suffered a significant cyber attack that has forced authorities to take its official website offline.

According to local media reports, APL was targeted on Christmas day but the cyber security incident did not affect its daily operations.

“All safety protocols and response measures provided for this type of occurrence were quickly activated, the situation being monitored by the National Cybersecurity Center and the Judicial Police,” explained the Port of Lisbon in a statement shared with the Portuguese national newspaper Publico.

“The Port of Lisbon Administration (APL) is working permanently and closely with all competent entities in order to guarantee the security of the systems and respective data.”

While the APL authorities did not specify the nature of the cyber attack or who was responsible for the same, the notorious LockBit ransomware gang has listed APL in its list of high-profile victims. The gang claims to have stolen financial reports, audit reports, budgets, contracts, cargo information, ship logs, crew details, customers’ personally identifiable information, port documentation, and email correspondence.

The gang has given a deadline of January 18 to the Port of Lisbon to pay a ransom of around $1,500,000. If the ransom is not paid by then, the gang will publish the stolen data. LockBit has also kept an option to delay the publication by 24 hours by paying another $1,000.

Commenting on the news, Mark Lamb, CEO of HighGround.io, said, “If the attackers behind this attack are being honest, it looks like they have stolen almost all data belonging to the Port, which will put the business in a very vulnerable position.

“Now the data is the hands of the attackers, the Port has two options, ignore the threat and leave the data with the criminals and rebuild from scratch, or pay the demand and hope the attackers delete the data in return. But neither option is favourable.

“This incident once again highlights that preventing attacks is far easier than recovering from them. Organisations must focus on their defences and cyber resilience first.

“Defences must be layered, proactive and solid, as any gaps will be exploited by adversaries. Keeping systems up to date, teaching employees to be vigilant for phishing scams and email-based threats, and implementing robust malware detection solutions and zero trust models are all critical pillars that should go into ransomware defences,” he added.