Hackers rescued millionaire from Porto de Lisboa
Employee and customer personal data, financial reports, audits, contracts and electronic correspondence are about to be made public. The Porto Administration admits that it is analyzing the dimension of the problem with the PJ, but a cybersecurity specialist warns of the impact that the attack on this type of infrastructure can have on the supply of essential products to the country
The Administration of the Port of Lisbon (APL) was the target of a computer attack and the pirates are now demanding more than one million euros to return access to the data, warning that they only wait until the 18th of January. Otherwise, they publish all the documentation extracted from one of the largest port infrastructures in the country.
The situation, guarantees the experts, reveals the protection of national systems in sectors such as transport, which according to the legislation deviates from being under great protection because it can jeopardize the safety and operability of the country.
To CNN Portugal, the Administration of the Port of Lisbon (APL) admitted to being aware that “there is data on the dark web and a ransom request”, adding that it is “analyzing the dimension of the compromise” and working in “close articulation” with the National Cybersecurity Center, the Judiciary Police and the National Data Protection Commission. The Port of Lisbon did not specify whether it was going to pay the ransom.
According to cybersecurity specialist Nuno Mateus Coelho, it is urgent to understand whether the pirates only had access to a personal computer or went further and managed to control the server and other critical IT services of APL. “Depending on what they have, this case can be problematic. If the problem is more extensive, there may even be a compromise in the loading and unloading services of goods that come on ships, aggravating a crisis situation in the supply chain that already exists.” A scenario that, he explains, would be chaotic and that leads to this type of infrastructure, like others in the area of transport, being considered critical and having to have stricter safety standards, according to the legislation in force.
“Suffice it to see that compromising the operation of ports has a great impact on the economy. Does compromising, for example, the discharge of gas and cereals, other critical products for Europe?”
Content on the dark web
The attack was carried out by a group of hackers known as Lockbit. At this time, on the dark web it is possible to find data about the ransom. They demand 1.5 million dollars (about 1.4 million euros) not to publish all the information stolen from the Port of Lisbon, in a cyberattack that took place on the 25th of December.
According to a publication made on the group’s website on the deep web, the attackers claim to have in their possession “all financial reports, audits, budgets, contracts, information on cargo”, as well as all electronic correspondence, personal data of employees and customers. To prove it, the hackers released the exception of the stolen information, which includes employee payslips, email exchanges and various contracts.
Hackers offer three payment options on the site. The first, worth a thousand dollars, allows you to postpone the publication deadline by 24 hours. The second got all the information in exchange for $1,499,999. And the third option allows you to download the data, at any time, for the same amount. Hackers force this payment to be made in bitcoin.
“After a successful work with the Portuguese Port Authority. In our hands they are. All financial reports, audits, budgets. Contracts, cargo information. Shipping logs with all information about crews. Customers’ personal data. All port documentation. All electronic correspondence. All contracts. And much more. Complete data will be published in case of failure to contact us”, threaten hackers.
The day after the attack, APL guaranteed that its operations had not been compromised and added that “all security protocols and response measures planned for this type of occurrence had been activated”. But it was only now in January that the Porto de Lisboa website was operational again.
The transport sector is part of the infrastructure that the Government considers critical. At the beginning of the previous year, the executive adopted a decree-law in which he admitted that it was necessary to correct “lapses” in the most important areas for the functioning of the State, in addition to energy and transport. Among the priorities was defending against cyberattacks.
“The protection of these infrastructures is very important and so far only the energy and transport sectors have been classified as critical infrastructures and, therefore, with security plans”, says to CNN Portugal Jorge Bacelar Gouveia, president of the Security Observatory, crime organized and terrorism. “But all this has a lot of costs” for companies, he points out.