There have been cyber attacks on two other companies in Germany: Hackers attacked the Hamburg-based tank logistics company Oiltanking and the airport and building service provider Wisag in Frankfurt.

While operations there could be switched to replacement systems and, according to a company statement, "significant disruptions" in operation "were not recorded", the problems with the operator of oil and petrol tanks are apparently greater.

Bastian Benrath

Editor in Business.

  • Follow I follow

The company Oiltanking is one of the largest members of the independent tank farm association and operates 11 of the 108 tank farms in the association in Germany.

The company's largest warehouses are in Hamburg, others are located along the Rhine, in Frankfurt, Gera and Berlin.

After the attack, the software that controls the automatic filling of tankers and other transporters at the sites apparently failed.

Tankers cannot be filled

According to a company statement, the Oiltanking terminals operate “with limited capacity”. The company noticed the hacker attack on Saturday and declared a case of force majeure. The sister company Mabanaft did the same. Both belong to the Marquard & Bahls Group, which generated sales of 10.5 billion euros in 2020 with around 6,200 employees.

"I would see the problem at the moment primarily in the area of ​​​​tankers," said Frank Schaper, Managing Director of the association.

Due to the widespread fully automatic filling of tankers, there is the highest degree of automation there, which can hardly be replaced by manual filling.

However, Schaper assured that Germany's mineral oil supply would not be endangered by the attack.

Familiar logistics chains would have had to be converted, but this has largely already happened.

The effects are, for example, "no more dramatic" than those of the low water level in the Rhine in 2018.

Oiltanking's customers also include Shell's service stations.

"We were informed by Oiltanking over the weekend that there had been a cyber attack," said a Shell spokeswoman.

"Possible impacts on our supply chains can currently be offset via alternative charging points."

Experts suspect ransomware attack

According to experts, it is still unclear exactly how the attack on Oiltanking took place.

From the point of view of Tim Berghoff, spokesman for the Bochum-based cyber security company G-Data, there is a lot to be said for a blackmail Trojan, known in specialist circles as "ransomware".

"Ransomware is the classic when it comes to paralyzing a company system as quickly as possible," says Berghoff of the FAZ: "This is an attack scenario that we have seen many times in the past."

In a ransomware attack, a malicious program encrypts the victim's systems so that the company can only unlock them if the attackers pay a ransom and give them the appropriate key.

In such a case, such a payment is usually not even the most expensive thing for companies, says Berghoff: “The loss of production is ultimately one of the largest items on the bill.”

The malware could have gotten into Oiltanking's systems in various ways.

"The usual way is an email with a prepared attachment, which an employee opens in good faith." It could also be that the attackers exploit known vulnerabilities, such as those in the widespread Java library Log4j or in Microsoft Mail architecture Exchange Server.

"Although there are patches that close these security gaps, there are still numerous companies, especially in small and medium-sized businesses, that have so far postponed the updates."

Blackmail attempt also at Wisag

There was also an attempt at blackmail at the service provider Wisag. The company said it had been contacted but declined to negotiate with the perpetrators and called the police instead. "Wisag cannot be blackmailed and does not make any payments to criminals," said board member Michael Wisser on Tuesday.

The attack there was noticed last Thursday. As a result, all of the group's systems were taken offline, the company said. "Wisag's emergency plans took effect, operations were immediately switched to replacement systems," said a spokeswoman. In the meantime, the essential functions have been restored. It will also be examined whether and which data from Wisag servers may have been copied. In view of the ongoing investigations, it is currently not possible to provide any further information on the causes and effects of the incident.

Founded in 1965, Wisag handles baggage handling at several large German airports.

It also offers cleaning and other building services.

According to its own statements, it employs tens of thousands of people in Germany, Austria, Switzerland, Luxembourg and Poland.