{ "id": "a8dc8c61-0295-4752-9248-33c19d94e72a", "created_at": "2026-04-06T00:14:29.157607Z", "updated_at": "2026-04-10T03:26:47.157257Z", "deleted_at": null, "sha1_hash": "24bfc0bd84b749a02aad32efbb39b93961f81ef9", "title": "Port of Lisbon website still down as LockBit gang claims cyberattack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 130137, "plain_text": "Port of Lisbon website still down as LockBit gang claims\r\ncyberattack\r\nBy Jonathan Greig\r\nPublished: 2023-02-02 · Archived: 2026-04-05 18:13:39 UTC\r\nThe website for the Port of Lisbon is still down days after officials confirmed it was the target of a cyberattack.\r\nThe Port of Lisbon is Portugal's busiest and one of the most used across all of Europe, handling 13,200,000 tonnes\r\nof cargo each year due to its strategic location between Europe and Africa.\r\nOn Christmas Day, officials with the Administration of the Port of Lisbon (APL) told the newspaper Publico that\r\nit had been targeted. Despite the attack, port officials said the incident did not compromise operational activity but\r\nnoted that both the National Cybersecurity Center and the Judiciary Police were notified of the incident.\r\n“All security protocols and response measures planned for this type of occurrence were quickly activated,” port\r\nofficials told Publico in a statement. \r\n\"The Administration of the Port of Lisbon (APL) is working permanently and closely with all the competent\r\nauthorities, in order to guarantee the security of the systems and respective data.”\r\nThe organization did not respond to repeated requests for comment and as of Thursday afternoon, its website was\r\nstill unresponsive. \r\nOn Thursday, the LockBit ransomware group said it launched the attack against the port, claiming to have stolen\r\nfinancial reports, audits, budgets, contracts, ship logs and other information about cargo and crews.\r\nThe gang gave the port until January 18 to comply with ransom demands, threatening to leak the stolen data. \r\nhttps://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/\r\nPage 1 of 4\n\nThe attack is the latest in a series of cyberattacks on ports across Europe that have caused massive issues. In\r\nFebruary, European prosecutors and cybersecurity officials began investigating a ransomware attack affecting\r\nseveral major oil port terminals.\r\nOil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard \u0026 Bahls,\r\nsuffered a cyberattack that crippled their loading and unloading systems in February. Oiltanking said it “declared\r\nforce majeure” due to the attacks. \r\nThe attacks forced Shell to reroute oil supplies to other depots. German newspaper Handelsblatt said 233 gas\r\nstations across Germany had to run some processes manually because of the attack.\r\nLast month, Secretary of the U.S. Department of Homeland Security Alejandro Mayorkas told Congress that the\r\nmost significant threat to U.S. ports are cyberattacks.\r\n\"We are increasing the level of technology by which our ports operate and that is why not only Customs and\r\nBorder Protection have a focus on cybersecurity but so does the United States Coast Guard,” Mayorkas said. \r\n“I would identify, with respect to our ports, cybersecurity, as a significant threat stream and we are of course very\r\nfocused on defending against it and strengthening our cybersecurity.” \r\nSeveral cybersecurity experts said ports are ripe targets for cybercriminals and nation-states interested in causing\r\ndisruption and harm. \r\nChris Grove, a director at cybersecurity firm Nozomi Networks, told The Record that disrupting port operations\r\ncan have cascading impacts into other sectors, similar to attacks on power infrastructure.\r\n“For example, China is heavily reliant on their ports to feed their energy backbone, most of their power generation\r\ncomes from imported-by-sea coal and oil,” he said.  \r\nhttps://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/\r\nPage 2 of 4\n\n“Any disruption to that flow, ranging from a naval blockade to a cyberattack, could be crippling to any nation.\r\nHaving that powerful capability in the hands of criminal ransomware operators should cause concern for those\r\nresponsible for public safety and security.”\r\nPorts and maritime operations have unique attributes that are attractive to threats: global footprint, high frequency\r\nof contact, and an amplified impact of loss all make a cyberattack a critical consideration, according to SynSaber\r\nco-founder Ron Fabela. \r\nDuring the NotPetya attack in 2017 it became apparent that ports do not need to be specifically targeted in order to\r\nbe impacted, he explained, noting that Maersk reported losses of up to $300 million dollars.  \r\nGrant Geyer, chief product officer at Claroty, echoed that assessment, explaining that the Russian NotPetya worm\r\nparalyzed supply chains by locking up ports and shipping companies worldwide – costing billions of dollars in\r\ndirect and collateral damage.\r\nWith aging infrastructure, IT and OT systems in ports represent a prime target for cyber criminals to extract a\r\npayment for ransomware attacks, Geyer said, adding that for foreign adversaries, a cyberattack against a port\r\ncreates an opportunity to project power by taking down supply chains and seize up an economy without using\r\nbombs or bullets.\r\n“For industrial control systems, specifically ports and maritime, drive-by ransomware events will continue as we\r\nmove into 2023. The impact of a cyberattack on ports has a downstream effect on numerous critical infrastructure\r\nand way of life for people,” Fabela said. \r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/\r\nPage 3 of 4\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/\r\nhttps://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack/" ], "report_names": [ "port-of-lisbon-website-still-down-as-lockbit-gang-claims-cyberattack" ], "threat_actors": [ { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434469, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/24bfc0bd84b749a02aad32efbb39b93961f81ef9.pdf", "text": "https://archive.orkl.eu/24bfc0bd84b749a02aad32efbb39b93961f81ef9.txt", "img": "https://archive.orkl.eu/24bfc0bd84b749a02aad32efbb39b93961f81ef9.jpg" } }