Suspected ransomware attack hits oil storage and distribution firms in northern Germany less than a year after Colonial Pipeline

Less than a year after the Colonial Pipeline attack in the US, a major cyber attack has hit two German oil storage and distribution firms, disrupting Europe’s fuel-supply network.

“I consider this incident to be serious, but not grave,” president of the Federal Office for Information Security, Arne Schonbohm, said during a press conference. The attack disrupted payments at hundreds of filling stations. 

In a statement, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group acknowledged they had been the victim of a cyber incident affecting the organisation’s IT systems.

“Upon learning of the incident, we immediately took steps to enhance the security of our systems and processes and launched an investigation into the matter. We are working to solve this issue according to our contingency plans, as well as to understand the full scope of the incident.

“We are undertaking a thorough investigation, together with external specialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.”

Oiltanking Deutschland GmbH & Co. KG is an operating unit within the Mabanaft Group and operates all terminals in Germany. The company said its terminals were operating with limited capacity and had declared force majeure. Mabanaft Deutschland also declared force majeure for the majority of its inland supply activities in Germany.

“All parties continue to work to restore operations to normal in all our terminals as soon as possible,” said the firm.

“We are committed to resolving the issue and minimising the impact as quickly and effectively as possible. We will be keeping our customers and partners informed and provide updates as soon more information becomes available.”

Meanwhile, Shell Plc said it was seeking alternative supply, with trucks unable to load at fuel depots linked to Mabanaft.

It is understood that Hamburg prosecutors are investigating whether the fuel distributor has been the victim of a “Black Cat” ransomware attack. 

In May 2021, a ransomware attack was responsibile for shutting down the entire network of US fuel pipeline operator Colonial Pipeline, the source of nearly half of the US East Coast’s fuel supply.