A ransomware attack has crippled digital systems at Spain’s Port of Vigo, forcing the isolation of its computer servers and a shift to manual cargo management. Although physical ship movements continue, officials have refused to restore network connections until they receive absolute security guarantees, leaving logistics coordination dependent on paper documentation.

A significant ransomware attack has targeted the digital infrastructure of the Port of Vigo in northwest Spain, leading to a widespread disruption of automated services. Detected early Tuesday morning, the breach specifically hit servers responsible for managing cargo traffic and various digital administrative functions. Port authorities confirmed that the attackers managed to lock several pieces of equipment and issued a formal demand for ransom to restore access to the encrypted data.

To prevent the malicious software from spreading further across the infrastructure, the port authority’s technology team immediately moved to disconnect and isolate the affected systems from all external networks. Carlos Botana, the president of the port, emphasized that the primary focus is on containment rather than speed of recovery. He stated that the network would remain offline until security experts can provide total assurance that the environment is clean, noting that there is currently no set date for a return to normal digital operations.

While the digital backend remains paralyzed, the physical movement of vessels and the handling of goods at the docks have not come to a complete standstill. However, the lack of digital coordination has forced a regression in logistics, with many operators now required to use manual procedures and paper-based tracking to keep cargo moving. This shift has slowed down the efficiency of the facility, which serves as a vital hub for the Galicia region.

A forensic investigation is currently being conducted to identify the entry point used by the attackers and to assess whether any sensitive information was stolen during the breach. Botana has characterized the event as a standard financially motivated cyberattack, though no specific hacking organization has stepped forward to claim credit for the intrusion. The incident highlights the ongoing vulnerability of maritime infrastructure to professional cybercrime syndicates.

The disruption at Vigo is part of a growing trend of cyberattacks targeting global shipping hubs, which are seen as high-value targets due to their critical role in international trade. This incident follows similar high-profile attacks on major ports in Japan, Australia, and the United States. As maritime technology becomes increasingly interconnected, these facilities face heightened risks from groups like LockBit and other ransomware actors who view the potential for massive economic disruption as leverage for their demands.

Source: https://www.diariodelpuerto.com/maritimo/valenciaport-comienza-la-estrategia-de-adaptacion-de-sus-puertos-al-cambio-climatico-GK25855344#scrollview