Oiltanking GmbH Group and Mabanaft Group — two companies involved in storing and supplying oil and other materials — have been hit by a cyberattack that disrupted operations in Germany. 

While they did not elaborate on the nature of the incident or who was behind the attack, Oiltanking GmbH Group and Mabanaft Group said they discovered a cybersecurity incident affecting IT systems and are working to restore operations to normal in all terminals. 

Both Oiltanking GmbH Group — which operates storage tank terminals for oil, gas and chemicals — and Mabanaft launched an investigation with external specialists and are working to understand the full extent of the incident. And while Oiltanking GmbH Group is still operating all terminals in all global markets, facilities at Oiltanking Deutschland GmbH, a separate entity that serves all terminals in Germany and is part of Mabanaft, are operating with limited capacity.

Mbanaft’s — importer, wholesaler and supplier of heating oil, gasoline, diesel fuel, jet fuel and other oil products — has declared “force majeure” for the majority of its inland supply activities in its German branch. French for “superior force,” the force majeure clause is a contract provision that relieves the parties from performing their contractual obligations when certain circumstances beyond their control arise (such as severe acts of nature or weather events; war or terrorism, etc.), making performance inadvisable, commercially impracticable, illegal, or impossible.

At a conference, Arne Schoenbohm, head of Germany’s IT security agency, explained that the incident was serious but not grave. Schoenbohm also noted that 233 filling stations, mostly in northern Germany, had been affected —  only 1.7% of the country’s total, according to AP News.

“Impacting elements of the fuel, heating, and combustibles supply chain during the winter season potentially put human safety and wellbeing in the crosshairs — these types of attacks underscore the very serious risks posed by criminals to foundational parts of essential services and infrastructure,” explains Tim Wade, Technical Director, CTO Team at Vectra.

The 2021 Colonial Pipeline ransomware attack demonstrated how disruptive a cyberattack on critical infrastructure can be. While not much is known about who is behind this attack or whether this was a ransomware attack, the business continuity of Oiltanking GmbH and Mabanaft will take a hit and take time to recover from, says Hank Schless, Senior Manager, Security Solutions at Lookout. He adds, “It typically costs organizations between $750,000 and $1.85M to recover from a significant ransomware attack, which doesn’t even include the cost of lost business due to the incident.”

Schless also notes that the timing of the attack aligns with Russia threatening to shut off its pipelines into Europe, in light of the Russia and Ukraine geopolitical tension. “Attackers potentially saw an opportunity to put even more pressure on Germany, which is one of the largest consumers of Russian gas in Europe. This is the perfect example of using a high-pressure situation to create an opportunity for malicious cyber activity, which attackers do as often as they can,” Schless says.