The Port of Vigo faced a cyberattack early Tuesday morning that disrupted its cargo management systems and forced authorities to shut down access to key digital services. The Port of Vigo cyberattack was detected at around 5:45 a.m., prompting an immediate response from the port’s IT team.

The Port of Vigo cyberattack incident, now confirmed as a ransomware attack, affected servers linked to the Port Authority’s website, which remains offline. While the technical team was able to contain the threat, systems have been isolated from external networks as a precaution, delaying full restoration.

Port president Carlos Botana said the systems will not be brought back online until all security checks are complete. He noted that the team is waiting until “everything is clear” before reconnecting services. At this stage, there is no confirmed timeline for when normal operations will resume.

Port of Vigo Cyberattack Slows Port Operations

The cyberattack on Port of Vigo has not impacted the port’s physical functioning, but it has significantly disrupted daily operations. Much of the cargo handling process depends on digital platforms for scheduling, coordination, and documentation.

With systems offline, port users have been asked to switch to manual methods. Some operations, including those at the Border Inspection Post (BIP), are now being managed using paper records to keep workflows moving.

This fallback has helped avoid a complete shutdown, but it is slowing processes and adding pressure on staff. The situation reflects how dependent modern port operations have become on digital infrastructure.

Ransomware Behind the Attack

Authorities have confirmed that the Port of Vigo cyberattack involved ransomware, a type of malware that blocks access to systems or data until a ransom is paid. In many cases, attackers also extract sensitive data, increasing the risk of further exposure.

In this case, the focus remains on containment and recovery. A forensic investigation is currently underway to determine how the attackers gained access and whether any data has been compromised.

No Immediate Recovery Timeline

Despite progress in controlling the attack, the Port Authority has made it clear that restoring systems will take time. The IT team has not provided an estimated timeline for resuming server activity, citing the need for complete security validation before reconnecting systems.

“The port’s operational services and physical functioning have not been affected, but the programs will not be reopened to the public until all security checks have been completed,” Botana stated.

This cautious approach is increasingly common in ransomware cases, where premature restoration can lead to reinfection or further compromise.

A Reminder of Growing Cyber Risks

The Port of Vigo cyberattack highlights the growing risk ransomware poses to critical infrastructure. Ports, in particular, rely on a mix of physical operations and digital systems, making them vulnerable to disruptions that can affect both logistics and trade flow.

While operations at Vigo have not stopped entirely, the shift to manual processes shows how quickly efficiency can drop when systems go offline.

The Port of Vigo cyberattack incident also points to a broader trend, cyberattacks are no longer limited to data theft. They are increasingly designed to disrupt operations, creating immediate and visible impact.

As the investigation into cyberattack on Port of Vigo continues, the focus remains on restoring systems safely and understanding the scope of the breach. For now, the Port of Vigo continues to operate under constrained conditions, managing cargo traffic without the digital tools it typically depends on.