The LockBit ransomware gang claims to have hacked Aguas do Porto, a Portuguese municipal water utility company, and is threatening to leak the stolen data. Aguas do Porto is a municipal water utility company that manages the full water cycle including water supply, and wastewater drainage. The company also manages public lighting and photovoltaic parks.
The group added the municipal water utility company to the list of victims on its Tor leak site, the deadline is March 07, 2023.
The crooks have yet to publish samples of the stolen data as proof of the security breach. At this time, it is unclear the volume and the type of data stolen by the ransomware gang.
The company disclosed the security breach on January 30, it said that a cyber attack impacted some of its services, but it did not affect the water supply and sanitation.
CNN Portugal confirmed that the National Cybersecurity Center and the Judiciary Police are investigating the security breach.
“Due to the incident, some customer services suffered constraints. In this sense, all customers who, in the last 72 hours, submitted requests for information, service requests, complaints, among others, should contact the municipal company ”, reads a statement from the company.
In December, the Lockbit group breached the systems at the Port of Lisbon.
The Administration of the Port of Lisbon said that the cyber attack did not compromise operational activity at the critical infrastructure. The administration notified the National Cybersecurity Center and the Judiciary Police were notified of the incident.
The cybercrime group also hit Divultec, a company that provides computer services to third parties.
CNN Portugal said that the gang stole several sensitive information from Divultec’s customers, including Águas do Porto passwords.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Aguas do Porto)