On March 24, ransomware hit the Autoridad Portuaria de Vigo, the body that runs Spain’s largest fishing port. Digital systems went offline. The web portal went dark. Cargo tracking reverted to paper logs and phone calls.

Vigo isn’t a port you can pause. It moves hundreds of thousands of tonnes of fish annually and feeds a supply chain that runs across Europe. When the manifests stop flowing, the disruption doesn’t stay at the dock. It ripples out to cold storage facilities, processing plants and distributors.

Credit where it’s due: the port authority isolated affected systems the same day the attack was detected. That’s not easy when you’re dealing with cargo management platforms and operational technology systems rather than office workstations. Getting containment done in hours is genuinely notable.

As of March 26, no ransomware group has claimed the attack. That silence at 48 hours is normal, not meaningful in either direction – groups often wait days or weeks, especially if negotiations are in play.

The pattern here is familiar. European ports keep showing up in ransomware incident reports. Aging infrastructure, complex OT environments, and operational dependencies that make downtime extremely expensive – that’s the profile attackers are looking for.


What the Port of Vigo attack tells us about why critical infrastructure keeps ending up in ransomware groups’ crosshairs.