LockBit Ransomware attacks Port of Lisbon, Portugal

The LockBit ransomware group claimed the cyberattack on the Port of Lisbon Administration, which is the third largest port in Portugal.

Port of Lisbon forms part of Portugal’s critical infrastructure. It is one of Europe’s most accessible ports due to its strategic position and ability to serve container ships and cruise ships as well as pleasure craft.

A company statement was shared Monday with local media outlets, indicating that the cyberattack had not affected the port’s operations.

The announcement was shared with , a Portuguese national newspaper. It states that “all safety protocols and emergency response measures were immediately activated.”

The statement to the publication states that “The Port of Lisbon Administration [APL] is constantly and closely working with all relevant entities to ensure the security of systems and data.”

The port’s official site at is still offline as of this writing

LockBit warns of data leak

APL did not disclose the nature and extent of the cyberattack in its announcement. However, the LockBit ransomware organization added LockBit to its extortion website yesterday and claimed the attack.

Ransomware gangs claim to have stolen financial records, audits and budgets as well as cargo details, crew details, customer personal identifiable information (PII), port documentation, emails, and other information.

Although the group already has published some of their stolen data, BleepingComputer was unable to verify their authenticity.

LockBit is threatening to release all the files that were stolen during their computer intrusion, January 18, 2022, if they don’t receive payment.

Port of Lisbon listed in LockBit 3.0 Tor site


The ransom was set at $1,500,000 by the threat actor. You can also pay $1,000 to defer publication for 24 hours.

LockBit is offering the data to be sold for the same price to everyone who wants to have them instantly and only.

LockBit is at version 3 of their encryption that powers RaaS, the notorious ransomware-as-a-service project. This is the LockBit Gang’s third version.

A notable LockBit attack also targeted Continental, a multinational auto giant that was listed on Tor’s ransomware site .

Japanese media reported this week that at least three Japanese firms were able to restore their systems free of charge after the LockBit 3.0 attack.