Ransomware Roundup: 02.11.22

February 11, 2022
Written by Halcyon Research Team

Operations at major oil storage and port facilities in Belgium, the Netherlands, and Germany were disrupted due to suspected ransomware attacks against several companies.

Oiltanking GmbH and Mabanaft GmBH – subsidaries of Marquad & Bahls – were both hit by BlackCat ransomware, the impacts of which caused Shell to reroute oil supplies to other port depots. Reports indicate that the companies were operating in a limited capacity and had declared force majure on inland supply activities as 13 fuel terminals and 200+ petrol stations were disrupted throughout Germany. The Federal Office for Information Security (BSI) implicates the BlackCat (also known as ALPHV) ransomware group in the attack.

In a separate incident, international port terminal operator SEA-Invest was hit with still-unknown cyberattack that brought its operations in Europe and Africa to a halt. It is not yet known if this second attack is linked to the previous attack against Oiltanking GmbH and Mabanaft GmBH or even if the cause was ransomware, but reports indicate that company IT systems resulted in disruption of various terminal operations in Antwerp, the second largest port in Europe.

The Cybersecurity & Infrastructure Security Agency (CISA) released their 2021 trend report showing the increased globalized threat of ransomware. Key takeaways from this report show that at least 14 of 16 critical infrastructure sectors were impacted by ransomware incidents and that criminal ransomware operations have continued to evolve their tactics.

These groups have started to move down market to target 1,000 – 10,000 employee organizations as large-scale incidents like the Colonial Pipeline attack can bring unwanted attention to them. The report also covers the increased targeting of cloud infrastructure providers, managed service providers, and critical infrastructure as well as increased attention on software supply chains. The report is available via CISA.gov.

DarkReading notes that BlackCat (ALPHV) is on the rise. The criminal group has been offering lucrative affiliate offers of 80%+ revenue share and has “named and shamed” more than a dozen victims in less than a month. Researchers from Palo Alto Networks’ Unit 42 team have written extensively about the growth of this group.

The Halcyon Platform

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks. Halcyon is built by offensive security experts to stop attackers. Our platform is a lightweight agent that combines multiple proprietary advanced prevention engines along with AI models trained solely on ransomware.

Ready to get a demo? Fill out the form and let’s talk!

Get a Demo

Meet with a Halcyon Anti-Ransomware Expert

Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.