article featured image


Oiltanking, one of the largest independent operators of tank terminals for oils, chemicals, and gases worldwide, has recently fallen victim to a cybercriminal attack. The company confirmed this to the Handelsblatt on Monday. The attack also affected the mineral oil dealer Mabanaft, a subsidiary of the Hamburg group Marquard & Bahls.

The two companies didn’t go into detail about the incident or who might be to blame, but they did say they’re attempting to figure out its “full breadth.”

“We are trying to remedy the problem according to our emergency preparations,” Oiltanking writes in a statement to its business partners, according to the publication. The incident is currently being investigated by security experts. The loading and unloading of tank farms, among other things, is hampered and tanker trucks cannot be loaded at the moment because this is mainly automated and only achievable to a limited extent manually.

According to AP News, Mabanaft’s German branch “has also declared force majeure for the majority of its inland supply activities in Germany.” Heating oil, gasoline, diesel fuel, jet fuel, and other oil products are imported, wholesaled, and supplied by the corporation.

Shell Deutschland GmbH, the oil company’s German division, was able to re-route to alternate supply depots for the time being.

“We are attempting to restore operations to normal in all of our terminals as quickly as possible,” the companies added.

According to F-Secure’s Rüdiger Trost,

Extortion software is most likely used in the cyberattack, which will most likely be accompanied by a demand for money in exchange for a code to restore the system. It could yet take several days, if not weeks, before everything is back to normal.


Arne Schoenbohm, the chief of Germany’s IT security office, stated during a press conference on Tuesday that the event was significant “but not grave”.

Roughly 233 filling stations, mostly in northern Germany, were affected, according to Schoenbohm, accounting for only 1.7 percent of the country’s total. He stated that while it was not allowed to pay by credit card or alter pricing at some of the stations, it was feasible to pay with cash in some situations.

According to industry officials, there is no threat to Germany’s overall gasoline supplies, as there are 26 companies active in the market.

Cyber-attacks have become a common occurrence for German businesses lately. The Federal Office for the Protection of the Constitution (Bun­des­amt für Ver­fas­sungs­schutz) recently issued a warning about the growing threat posed by Chinese hackers.

The BfV assumes that the actor will continue to attack the German economy and therefore publishes the attached detection rules and technical indicators (Indicators of Compromise) to enable commercial companies to identify existing infections with the currently circulating and possibly new versions of the malware.


While no one has yet taken responsibility for the attack on Oiltanking, it might be the work of a state actor looking to cause widespread disruption and economic harm.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

Leave a Reply

Your email address will not be published. Required fields are marked *