The notorious cybergang LockBit posted the data stolen from the Portuguese port on their leak site.
The administration of the Port of Lisbon suffered a cyberattack over Christmas. While the administration of Portugal’s third largest port said the attack didn’t impact operational activity, the company’s website was unavailable at the time of writing this article.
The Portuguese authorities didn’t specify the nature of the attack or who was behind it. However, the LockBit ransomware gang uploaded Port of Lisbon to its leak site, a darknet website where cybercriminals announce their victims.
The gang claims to have stolen all of the data available on the port’s systems. Threat actors intentionally publicize what data was stolen to force victims into paying the ransom. LockBit demands close to $1.5m to download or destroy the data.
LockBit has been the most prolific ransomware gang of 2022, victimizing over 1,200 organizations worldwide. Earlier this month, the gang’s affiliates breached the Finance Department for the state of California.
A report by threat intelligence firm Digital Shadows shows that for two consecutive quarters, LockBit and its affiliates accounted for over a third of all ransomware attacks involving organizations being posted to ransomware leak sites.
The gang’s high profile is becoming problematic as breaches invite international cooperation between law enforcement agencies. Sources recently told Reuters that the FBI got involved in investigating LockBit’s hack of German automotive supplier Continental.
LockBit’s success stems from the group’s ability to combine a surprisingly business-oriented approach with specialized technology. For example, the group has set up a bug bounty program and offers customer support, feats often associated with software companies rather than criminal cartels.
More from Cybernews:
Subscribe to our newsletter