Cyberattackers target key fuel-distribution firms in Europe
Bloomberg February 2, 2022
Europe's fuel-supply network fell victim to a cyberattack – less than a year after the biggest refined petroleum pipeline in the U.S. was halted by a hack.
The situation was serious "but not grave," the head of Germany's information technology security system said. The attack targeted a leading oil trader, and disrupted payments at hundreds of filling stations.
Mabanaft, which stores and distributes large amounts of fuel in the country, said on Tuesday that its IT systems had been breached and its operations disrupted. On Wednesday, a broker that handles deliveries of fuel to customers inland via the Rhine River said numerous terminals in the Amsterdam-Rotterdam-Antwerp oil trading hub were also affected.
The incidents serve as a reminder of how cyber security is becoming a growing concern across the oil industry. Last year, Colonial Pipeline Co. paid a ransom after a hack forced it to shut the largest fuel pipeline in the U.S., resulting in shortages at filling stations and price spikes.
Mabanaft, which distributes diesel, gasoline and heating oil, declared force majeure on supplies within Germany following the Jan. 29 breach that targeted its distribution business, as did Oiltanking Deutschland, a related storage company. The legal clause covers a company when it can't honor contractual commitments due to events beyond its control.
Prosecutors are investigating whether Mabanaft's parent company was the victim of a ransomware attack, Handelsblatt reported.
"All parties continue to work to restore operations to normal in all our terminals as soon as possible," Mabanaft said. It declined to state whether a ransom is being sought or when it expects the situation to be resolved.
Multiple terminals in Europe's oil-trading hub have been impacted by "IT issues," according to barge broker Riverlake. "I have several barges waiting for loading and discharging for days," at SEA-Tank terminals in Antwerp, said Jelle Vreeman, a senior broker at Riverlake.
SEA-Tank Terminal, which has extensive storage facilities in Antwerp, was affected by a cyberattack, according to an email seen by Bloomberg. The email, from a company that does business with SEA-Tank, stated that the storage company's IT systems suffered an unexpected outage.
As of Wednesday afternoon, these are the key developments:
- The head of Germany's IT security agency, Arne Schoenbohm, said at a conference on Tuesday that 233 gasoline filling stations largely in northern Germany had been affected, only 1.7% of the country's total. At some of those stations it wasn't possible to pay by credit card.
- Hamburg prosecutors are investigating whether fuel distributor Marquard & Bahls -- which owns Mabanaft and Oiltanking -- is the victim of a ransomware attack, Handelsblatt reported. The hackers used "Black Cat" ransomware, the newspaper said, citing a report by the Federal Office for Information Security.
- Oiltanking's declaration of force majeure is likely to be felt most keenly in locations where there's the least alternative fuel supply. That includes the Hamburg area, which is served by the Holborn refinery, and southwest Germany, which relies on the Miro oil plant.
- The drop in deliveries prompted by Oiltanking's declaration can be met currently by other suppliers, according to EN2X, the group that represents refiners and distributors in Germany.
- Wisag, a German aviation services provider that offers airport ground handling operations, said it suffered a serious IT breach on Jan. 27. It hasn't responded to the perpetrators' request to make contact and negotiate, insisting it would not be blackmailed. There has been no impact to its airport operations. It's not clear if it's linked to the Mabanaft breach.
- Shell said it is having to seek alternative supply, with trucks unable to load at fuel depots linked to Mabanaft.
Bloomberg's Brian Wingfield, Ryan Gallagher and Angela Cullen contributed to this report.