European oil and transportation services have spent all week under attack by ransomware.
The latest victim, aviation services company Swissport, announced Friday that ransomware struck part of its IT infrastructure, causing flight delays and knocking its website offline. The company said last month that in 2019, it fueled 2.3 million flights, and claims 2,000 employees at 40 airports across six countries.
⚠️ A part of #Swissport’s IT infrastructure was subject to a ransomware attack. The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible. Swissport regrets any impact the incidence has had on our service delivery.
— Swissport (@swissportNews) February 4, 2022
The announcement comes one day after reports of attacks on oil port terminals in Belgium and the Netherlands. Earlier this week, two German oil companies became ransomware victims as well, forcing one of the companies into operating at a limited capacity and prompting Shell to reroute oil supplies.
Although those two attacks prompted speculation about Russian government involvement at a time when Germany is considering pulling out of a gas pipeline deal with Russia over its aggression against Ukraine, European officials said they don’t currently believe the attacks in Belgium, Germany or Netherlands are connected.
Germany’s Federal Office for Information Security blamed BlackCat for the attacks in its country, and a European official told The Record that the port attacks were associated with the BlackCat and Conti ransomware families, both of which researchers have traced to Russia.
BlackCat ransomware has quickly made a name for itself. Analysts have observed connections between BlackCat and other big-name ransomware groups like REvil and Darkside. A representative of the BlackCat gang told Recorded Future that it was, in fact, linked to several ransomware groups because they were affiliates — although ransomware operatives, like many cybercriminals, are prone to deception and exaggeration.