Portugal Media Giant Impresa Crippled by Ransomware Attack

Media big Impresa, which owns the largest tv station and newspaper in Portugal, was crippled by a ransomware attack just hrs into 2022. The suspected ransomware gang guiding the attack goes by the name Lapsus$.

The attack integrated Impresa-owned web site Expresso newspaper and television station SIC. Both remain offline Tuesday morning as the media huge ongoing its recovery from a New Year’s weekend attack. Impacted is the server infrastructure critical to Impresa’s functions. Also compromised is a person of Impresa’s verified Twitter accounts, which was hijacked and made use of to taunt the firm publicly.

“National airwave and cable Television set broadcasts are working normally, but the attack has taken down SIC’s internet streaming abilities,” in accordance to a web site publish printed Monday by The Document, the news company of security analyst firm Recorded Long term.

Numerous information outlets also described the attack, which include SIC Noticias, SIC’s information Television station, which tweeted a confirmation of the incident, and Portugal’s Observador newspaper.

“The Impresa group confirms that its Expresso and SIC internet sites, as perfectly as some of their social media webpages, are briefly unavailable, apparently the focus on of a personal computer attack, and that steps are staying taken to resolve the circumstance,” according to the tweet.

Lapsus$ recognized by itself as the offender of the attack by defacing all of Impresa’s sites with a ransom be aware allowing the corporation know that it had received access to Impresa’s Amazon Web Solutions account, in accordance to a screenshot of the note posted online by The History.

Force to Pay

It appears Impresa was in a position to get back handle above the account on Monday when all of the websites were set into maintenance method, demonstrating notes on respective dwelling web pages that they have been briefly unavailable.

Even so, Lapsus$ stored up the strain on Impresa by way of Twitter, tweeting from Expresso’s verified Twitter account on Monday to show that it even now had accessibility to business assets, according to Recorded Upcoming.

Neither the enterprise nor Lapsus$ so significantly has revealed the quantity of the extortion payment connected with the incident, which marks the initially time the team has attacked an entity in Portugal, Lino Santos, the coordinator of Portugal’s National Cybersecurity Center, instructed the Observador.

Lapsus$ Group arrived on the ransomware scene in 2021 and so significantly is very best acknowledged for an attack on the Brazil Ministry of Health very last month. The incident took down several online entities, efficiently wiping out details on citizens’ COVID-19 vaccination information as well as disrupting the system that issues digital vaccination certificates.

Far more Ransomware on the Way

The attack reveals that the considerable ramp-up in ransomware attacks in 2021 clearly show no symptoms of slowing in the new yr.

“Ransomware is not going away,” Dave Pasirstein, chief item officer and head of engineering for TruU wrote in an email to Threatpost. “It’s a beneficial enterprise that is nearly unattainable to protect against all risk vectors.”

Examine out our free upcoming are living and on-need on the net city halls – exceptional, dynamic discussions with cybersecurity gurus and the Threatpost local community.