LockBit gang takes credit for attack on water utility in Portugal

The LockBit ransomware group has taken credit for an attack on the water utility of Porto, Portugal's second-largest city.

Águas e Energia do Porto said on February 8 it had been hit with a cyberattack, with its security team able to limit the damage. Public water supply and sanitation were not affected by the attack. 

The LockBit group added the company to its leak site on February 18, according to cybersecurity expert Dominic Alvieri. 

LockBit gave the utility until March 7 to pay a ransom, threatening to publish stolen information from Águas e Energia do Porto systems if the deadline passed without payment.

The utility is owned by the city and is one of the largest Portuguese water supply and wastewater sanitation companies, serving approximately half a million people.

“Due to the incident, some customer services suffered constraints," the utility said, urging people to find other ways to get information, "since the company's response capacity is limited." 

The company was still able to process customer requests at in-person service desks, and it urged people to get virtual service tickets that could be obtained instead of standing in line. 


Credit: Dominic Alvieri

Águas e Energia do Porto said it contacted both the Portuguese National Cybersecurity Center and the Judiciary Police for assistance with the situation. 

The utility did not respond to requests for comment about an update on the situation. 

In addition to managing the water supply and wastewater, the company drains Porto's rainwater, controls about 85 kilometers of water lines, manages the city's waterfront, and more.

LockBit back for more

In December 2022, LockBit breached and encrypted systems at Port of Lisbon, Portugal’s busiest port and one of the most used across all of Europe.

Over the last two years, the country has seen cyberattacks or ransomware incidents cripple one of their largest telecommunications providers, their largest television channel, as well as several financial and insurance institutions.

Water utilities are also frequent targets for ransomware gangs because of the personal customer information, financial data and residence information the companies typically hold.

An August ransomware attack on England's South Staffordshire Water may have enabled cybercriminals to steal customer bank details, the company said in December.

U.S. law enforcement agencies said ransomware gangs hit five U.S. water and wastewater treatment facilities from 2019 to 2021 — and those figures did not include three other widely-reported cyberattacks on water utilities.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.