With the arrival of 2022, ransomware operators are back in business. Researchers sounded a warning about a newly found Lapsus$ ransomware when only one week of the year had passed.
- During the New Year vacation, Impresa, Portugal’s largest media company, was targeted by the new Lapsus$ ransomware.
- The gang claimed responsibility for the attack by placing a ransom note on all Impresa websites. In addition to the ransom demand, the message stated that the group had gained access to the company’s online IT server infrastructure, which included all of SIC and Expresso’s websites and channels.
- The attack, however, had little effect on radio or cable television transmissions.
- Although the corporation regained control of several of the affected sites, the gang claims it still has access to company resources.
The overall picture
The Lapsus$ group had attacked several other organisations since its discovery in December 2021.
This included an attack on the Brazilian Ministry of Health’s websites, which resulted in the loss of COVID-19 vaccination data for millions of residents.
Claro and Embratel, two South American telecommunications companies, were the other two victims.
Cybercriminals profit handsomely from ransomware. It’s working and it’s paying off. Threat actors are growing more inventive in their extortion and dissemination strategies with each passing year, posing a significant threat to businesses. Organizations must strengthen their cybersecurity posture with a solid backup mechanism and methods for detecting malicious activity, rather than becoming sitting ducks for such threats.
Broadcasts on the national airwaves and cable television remain unaffected; however, SIC’s internet streaming capabilities have been disabled as a result of the attack.
When all of the sites were put into maintenance mode earlier today, Impresa workers appeared to reclaim control of this account, but the attackers quickly tweeted using Expresso’s verified Twitter account to prove that they still had access to business resources.
The Impresa hack is one of the country’s most serious cybersecurity disasters. Impresa is the country’s largest media company by a long shot.
According to TV ratings from September 2021, SIC and all of its secondary channels lead the TV market, while Expresso has the highest weekly circulation figures. Nonetheless, Impresa owns a slew of other media firms and publications, all of which are likely to be affected by the hack.
A request for feedback addressed through email to members of the Lapsus$ group has gone unanswered. A spokeswoman for Impresa declined to comment on the attack.
This is the second ransom attack on a media conglomerate over the holiday season, following the Ryuk gang’s December 2018 attack on Tribune Publishing, which owns the Los Angeles Times.
Cyberattacks did not make much of an impact during the recent winter holidays, despite warnings from US and German officials.