A cyberattack targeting Luka Rijeka, a major Croatian port operations company, was successfully contained thanks to swift action by their IT security team, company officials confirmed this week.
The 8Base ransomware group claimed responsibility for the attack on their dark web site, asserting they had stolen sensitive company data including contracts, accounting documents, and employee information. The hackers threatened to publish the alleged stolen files if ransom demands were not met by December 10.
However, Luka Rijeka's IT department detected the breach on November 30 and immediately shut down all systems as a precautionary measure, according to board member Marko Mišković. The company's network was fully restored by December 2 with no data loss, thanks to comprehensive backups.
"Our business operations faced no disruption," stated board member Marina Cesarac Dorčić, noting that the company had previously strengthened their cybersecurity after experiencing an attack five years ago. "All our data and documents remain secure with no threat to our operations or partners."
The port operator, which handles maritime transport and logistics in Rijeka, maintains that much of their business information is already public due to stock exchange listing requirements. Company officials report they have not received any direct ransom demands.
8Base, active since 2022, has recently claimed attacks on several other international targets including companies in Spain, Canada and Japan. The group had previously suspended operations between June and September 2024, possibly due to law enforcement pressure, according to security researchers.
The ransomware group typically employs double extortion tactics - encrypting data while threatening to leak stolen information. They are known to use a modified version of the Phobos ransomware in their operations.