Cyber Incident Victim: Port of Lisbon Administration

Date: Dec 2022

Location: Portugal

Summary

A cyberattack claimed by the LockBit ransomware gang targeted Portugal's Port of Lisbon Administration, a critical infrastructure entity handling significant maritime traffic. The port confirmed operational continuity despite the incident, activating safety protocols with national cybersecurity authorities while its website remained offline. LockBit exfiltrated sensitive data including financial records, contracts, cargo details, customer PII, and internal communications, threatening to leak the information unless a $1.5 million ransom was paid; the group also offered exclusive data sales and 24-hour leak delays for additional payments.

Description

On December 25, 2022, the LockBit ransomware gang claimed responsibility for a cyberattack targeting the Port of Lisbon Administration (APL), operator of Portugal’s third-largest port and a critical infrastructure node in the capital city. The port, strategically located in Europe, handles container ship, cruise liner, and pleasure craft traffic. APL confirmed the incident in a December 26 statement to Portuguese media, asserting that port operations remained unaffected despite the intrusion. The organization activated predefined safety protocols and response measures immediately after detection, coordinating with Portugal’s National Cybersecurity Center and Judicial Police for ongoing monitoring. APL emphasized continuous collaboration with authorities to secure systems and data, though its official website (portodelisboa.pt) remained offline during the initial reporting period.

LockBit listed APL on its extortion site on December 29, 2022, threatening to publish 1.5 terabytes of stolen data unless a $1,500,000 ransom was paid by January 18, 2023. The group claimed exfiltration of financial reports, audits, budgets, contracts, cargo manifests, ship logs, crew details, customer personally identifiable information (PII), port documentation, and email correspondence. LockBit published purported data samples to support its claims, though external verification of their authenticity was not obtained. The gang offered two additional payment options: a $1,000 fee to delay data publication by 24 hours or an immediate $1,500,000 sale of exclusive data access to third parties. This incident followed LockBit’s November 2022 attack against Continental AG and coincided with reports of Japanese law enforcement assisting LockBit 3.0 victims with system recovery. APL did not disclose technical details about the attack vector, data encryption status, or whether ransom negotiations occurred.
