Port facilities across northern Europe are all reporting what appears to be a spreading cyberattack targeting the region’s oil operations. After initial reports of disruptions in Germany, reports are now also coming in from the Netherlands and Belgium saying that it is impacting the loading and unloading of barges at a time when the oil market is already strained by winter weather. Local prosecutors in the three countries are investigating while reports indicate the European Union’s policy agency has also offered to support the investigation.
The first instances of what appears to be a sophisticated cyberattack were reported in Germany late last week. Oiltanking Group and Mabanaft discovered they had been victims of a cyber incident on January 29. The companies reported taking action to address the situation and strengthen their networks while investigating the extent of the intrusion. A separate company, Oiltanking Deutschland, which runs terminals in Germany, reported that it was operating at limited capacity, and Mabanaft Deutschland, which runs inland terminals, also reported that its operations were being impacted. Both Oiltanking Deutschland and Mabanaft Deutschland declared force majeure, reporting that they were having problems honoring delivery contracts.
German judicial authorities confirmed that they had launched an investigation into suspected extortion of oil operators. The German newspaper Handelsblatt first reported that the German security services believe the attack began with BlackCat ransomware. The software first appeared late last year and drew attention because of its sophisticated approach and because it incorporates several so-called innovations compared with other ransomware.
After the reports of problems in Hamburg, additional terminals also began reporting outages. Belgian authorities are also investigating after ports in Ghent and Antwerp-Zeebrugge were impacted. Similarly, the authorities in the Netherlands became involved. SEA-Tank, Oiltanking, and Evos in Amsterdam, Ghent and Antwerp are all reporting issues related to their operating systems.
The head of Germany’s IT security agency, in a press briefing, called the incident serious but said it was not grave, believing that it has been contained. The authorities are investigating whether it was a coordinated attack on multiple locations or whether it spread through the cross-border operations along the Dutch-Belgian oil trading hub.
The unloading of oil barges has become an issue while elsewhere companies have worked to reroute shipments. This week, Shell said it was taking steps to reroute to different supply depots because of the attacks.
The current attack is reminiscent of the May 2021 ransomware incident on the U.S.’s Colonial Pipeline. The pipeline, which is one of the largest and most critical in the U.S. as it feeds much of the East Coast, was disrupted for days.