European Oil Port Terminals Crippled by Cyberattack and Ransomware

In late January 2022, a substantial ransomware attack negatively impacted at least 17 ports and oil terminals in Western Europe. The ransomware/malware attack also affected oil storage and transport.

The companies reportedly impacted, according to a report on the GovInfoSecurity website, included Oiltanking and Mabanaft in Germany, SEA-Invest in Belgium, and Evos in The Netherlands. Also affected were six oil storage terminals in the Amsterdam-Rotterdam-Antwerp area.

The cyberattack forced tankers to be re-routed, significantly disrupting supply chains and making it difficult to load and unload refined product. The international law firm Baker Botts LLP indicated that, as of early February, the full extent of the cyberattacks was not yet known.

The ransomware actor implicated in these attacks is the BlackCat cybercrime group, a ransomware organization that was first observed in mid-November 2021 after targeting companies in the United States, Europe, and the Philippines. BlackCat’s targets at that time included pharmaceutical entities and construction, engineering, retail, transportation, insurance, telecommunications and auto component manufacturing.

Reports hint that the ransomware attack has had more of an impact on the Information Technology (IT) systems than on the Operational Technology (OT).

According to, Belgian authorities and the Dutch National Cyber Security Centre are investigating the incidents, and are being supported by Europol.

Unit 42, the threat intelligence arm of security firm Palo Alto Networks, offers an in-depth review of the BlackCat cybercrime group.    

For information on ways to protect against ransomware threats, the United States Cybersecurity and Infrastructure Security Agency (CISA) offers the site as a one-stop shop for high-level guidance on ransomware prevention and response.