Oiltanking in Germany, SEA-Invest in Belgium, and Evos in the Netherlands all had their IT systems disrupted. Dozens of oil storage and transportation ports throughout the world have been impacted, with companies saying that the attacks occurred over the weekend.
Experts warn against making the assumption that this is a coordinated attack. According to the BBC, all three organizations’ IT systems were offline or seriously impacted. Belgian authorities said they’re looking into a cyber-attack that hit SEA-Invest terminals, including the company’s largest, the SEA-Tank, in Antwerp.
According to a corporate representative, the corporation was targeted on Sunday, with every port they operate in Europe and Africa being affected. According to a spokeswoman for Evos in the Netherlands, IT services at terminals in Terneuzen, Ghent, and Malta have “caused some execution delays.”
Oiltanking Deutschland GmbH & Co. KG, a company that stores and transports oil, automobile fuels, and other petroleum products, announced on Monday that it had been hacked. According to the company, it was compelled to function at “restricted capacity” and was investigating the situation.
According to some sources, the attack on Oiltanking was caused by ransomware, which encrypts data and renders computer systems useless until a ransom is paid. Following a ransomware attack on US oil supplier Colonial Pipeline in May of last year, supplies were tightened across the US, prompting various states to declare an emergency.
Port supply networks were interrupted, according to a spokesperson for a major barging company in the Netherlands.
On Tuesday, when oil deliveries began to slow, a worker said they first noticed problems. “things are moving but much slower than normal”.
The outage occurs as tensions between Ukraine and Russia remain high and concerns about rising energy prices escalate.
However, cyber-security experts warn against assuming that the many events are part of a coordinated campaign to destabilize the European energy sector.
“Some types of malware scoop up emails and contact lists and use them to automatically spam malicious attachments or links, so companies with shared connections can sometimes be hit in quick succession,” said Brett Callow, Threat Analyst at cyber-security company Emsisoft.
“This is why you sometimes see sector-based or geographic-based clusters of incidents.”
Another argument is that all of the organizations utilize the same software for their operations, which may have been hacked.