lockbit2 attacks soharportandfre...
Incident Date:
April 14, 2022
Overview
Title
lockbit2 attacks soharportandfre...
Victim
soharportandfre...
Attacker
Lockbit2
Location
First Reported
April 14, 2022
Ransomware Attack on SOHAR Port and Freezone
The SOHAR Port and Freezone, a pivotal transportation hub located between Dubai and Muscat, recently fell victim to a ransomware attack orchestrated by the Lockbit2 group. This incident has been officially acknowledged by the entity, which is a critical player in the transportation industry, operating as a joint venture equally owned by the Sultanate of Oman and the private sector.
As a significant nexus for global commerce, SOHAR Port and Freezone hosts leading industrial clusters in sectors such as metals, petrochemicals, and logistics. It stands among the fastest-growing port and free zone developments globally, processing over one million metric tons of sea cargo weekly. The port's commitment to digitization aims to enhance efficiency across the port and the entire supply chain.
The Lockbit2 ransomware group has taken credit for this cyber assault through their dark web leak site, leading to the blocking of the victim's website, http://www.soharportandfreezone.com/. While specific vulnerabilities that made the company an attractive target have not been detailed, the transportation sector's increasing encounters with ransomware attacks highlight a growing threat. These incidents have impacted major software suppliers for maritime and oil transport and storage entities.
Lockbit2, notorious for its focus on various industries including the maritime sector, has previously launched attacks on European ports. The group's modus operandi involves threatening to release stolen data unless their ransom demands are met.
In light of such threats, it is imperative for organizations to implement robust mitigation, detection, and response strategies. This is particularly vital as maritime entities progress towards digitalization and the adoption of autonomous systems. Ensuring the strength of recovery processes is equally crucial.
The SOHAR Port and Freezone, alongside other organizations, must elevate cybersecurity protocols to safeguard against ransomware threats, thereby mitigating operational disruptions and protecting the wider supply chain.
Sources
- CISA Ransomware Guide
- Ransomware attack on maritime software impacts 1,000 ships
- Port of Lisbon targeted by LockBit ransomware hackers, website still down
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.