The LockBit ransomware gang claims to have successfully compromised a Portuguese municipal water utility and is threatening to leak its stolen data. At the time of writing, it is still unknown how the attackers breached the utility or what type of data was stolen.

The utility disclosed the breach on January 30, saying a cyber attack impacted some of its services but not its ability to provide drinking water or sanitation services to customers. LockBit threat actors added the municipal water utility company to the list of victims on its Tor leak site and set March 7 as the deadline to pay. The threat actors have yet to release samples of the stolen data as proof of the security breach and, as noted above, the volume and type of data stolen by the ransomware gang are unknown. The utility said in a statement: “Due to the incident, some customer services suffered constraints. In this sense, all customers who, in the last 72 hours, submitted requests for information, service requests, complaints, among others, should contact the municipal company.” Portuguese government authorities are investigating the incident.

LockBit is a ransomware-as-a-service (RaaS) group that has been active since September 2019. The group has developed several variants of ransomware products to conduct its attacks. LockBit has been the dominant ransomware strain over the past year, and according to Flashpoint the group was responsible for 30 percent of all known ransomware attacks from August 2021 to August 2022. Read more at Security Affairs.