Ransomware Roundup: 02.11.22

Operations at major oil storage and port facilities in Belgium, the Netherlands, and Germany were disrupted due to suspected ransomware attacks against several companies.

‍

Oiltanking GmbH and Mabanaft GmBH – subsidaries of Marquad & Bahls – were both hit by BlackCat ransomware, the impacts of which caused Shell to reroute oil supplies to other port depots. Reports indicate that the companies were operating in a limited capacity and had declared force majure on inland supply activities as 13 fuel terminals and 200+ petrol stations were disrupted throughout Germany. The Federal Office for Information Security (BSI) implicates the BlackCat (also known as ALPHV) ransomware group in the attack.

‍

In a separate incident, international port terminal operator SEA-Invest was hit with still-unknown cyberattack that brought its operations in Europe and Africa to a halt. It is not yet known if this second attack is linked to the previous attack against Oiltanking GmbH and Mabanaft GmBH or even if the cause was ransomware, but reports indicate that company IT systems resulted in disruption of various terminal operations in Antwerp, the second largest port in Europe.

‍

The Cybersecurity & Infrastructure Security Agency (CISA) released their 2021 trend report showing the increased globalized threat of ransomware. Key takeaways from this report show that at least 14 of 16 critical infrastructure sectors were impacted by ransomware incidents and that criminal ransomware operations have continued to evolve their tactics.

‍

These groups have started to move down market to target 1,000 – 10,000 employee organizations as large-scale incidents like the Colonial Pipeline attack can bring unwanted attention to them. The report also covers the increased targeting of cloud infrastructure providers, managed service providers, and critical infrastructure as well as increased attention on software supply chains. The report is available via CISA.gov.

‍

DarkReading notes that BlackCat (ALPHV) is on the rise. The criminal group has been offering lucrative affiliate offers of 80%+ revenue share and has “named and shamed” more than a dozen victims in less than a month. Researchers from Palo Alto Networks’ Unit 42 team have written extensively about the growth of this group.

‍