On January 29, oil trader Mabanaft, a distributor of diesel, gasoline and heating oil, declared force majeure as a result of a breach targeting its fuel storage and distribution business. Force majeure covers a company when it is unable to honor its contractual commitments because of events beyond its control.
Oil company Oiltanking was also affected; both companies are owned by the German logistics conglomerate Marquard & Bahls Group. Oiltanking is a major company with a throughput of 155 million tons in 2019. In operation since 1972, the firm is considered one of the world’s biggest independent operators of tank terminals for oils, chemicals and gases.
Their force majeure declaration will be felt most deeply in locations where there are few alternatives, such as the Hamburg area and southwest Germany.
As a result of the breach, Royal Dutch Shell said that it has been forced to reroute to other supply depots as its trucks are no longer able to load at the fuel depots linked to Mabanaft.
A few days later, the news emerged that port facilities in Germany, the Netherlands and Belgium had been targeted by a large-scale cyber attack primarily aimed at oil terminals. Many tankers have been prevented from delivering energy supplies, and German judicial authorities have already launched an investigation into the suspected extortion of oil operators.
According to S&P Global Platts, 17 terminals in total have been affected so far. Belgian authorities are currently investigating disruptions caused by the cyber attacks at ports in Ghent and Antwerp-Zeebrugge.
An official told AFP: "The software of several port terminals has been hacked and they can't process barges, basically, the operating system is down."
Traders told S&P Global Platts that the cyber attack could last for more than two weeks and that the companies are widely expected to pay a ransom.
Cybersecurity officials investigating the attacks do not believe the German oil companies' attack is linked to the oil port terminals attack.
The full extent of the cyber attacks is still not known, but the incident does highlight the increasing risks posed to the world's most critical infrastructure.
Last year, Colonial Pipeline paid a ransom after a hacking left the company with no choice but to close the U.S.'s biggest fuel pipeline. This led to shortages at gas stations and price spikes. Mabanaft has not said whether a ransom has been demanded or when it expects to resolve the situation, but it is looking increasingly like the Oiltanking incident is indeed a ransomware attack.
Huntsman Security Head of Product Management Piers Wilson stated: "Given the potential fragility of the fuel supply chain -- as highlighted by recent shortages in the UK -- disruptive cyber attacks can cause widespread disruption for consumers and businesses."
"With luck, the attack on Oiltanking won't see widespread disruption in Germany, but it must be seen as a wake-up call to organizations that still are not 100% confident in their own and their partners' cyber defenses," he added.
The attacks come just as the U.S. and its European allies are preparing sanctions against Russia should they invade Ukraine. Germany is also suffering from an energy crisis as the country phases out its nuclear and fossil fuel power plants in favor of renewables.
Sources for this article include: