White Hat Institute

Impresa, a Portuguese media group, has been devastated by a ransomware attack

Retrieved from zap.aeiou.pt

A ransomware attack devastated media corporation Impresa, which controls Portugal’s main TV network and newspaper, barely hours into the year 2022. Lapsus$ is the probable ransomware group behind the assault.

Impresa-owned Expresso newspaper and television station SIC were among the targets of the cyberattack. Both are still down this morning as the media corporation recovers from a New Year’s weekend assault. The server infrastructure, which is vital to Impresa’s activities, has been disrupted. One of Impresa’s registered Twitter accounts has also been hacked and is being used to openly insult the organization.

According to a statement posted on Sunday by The Record, the media outlet of security analysis firm Recorded Future, “national airwave and cable Television broadcasts are working properly, but the assault has taken down SIC’s internet streaming capability.”

The attack was also reported by other news sites, including SIC Noticias, SIC’s news TV channel, which confirmed the occurrence via Twitter, and Portugal’s Observador newspaper. “The Impresa company acknowledges that its Expresso and SIC websites, as well as several of its social media accounts, are momentarily offline, evidently the subject of a cyber assault and that efforts are indeed being taken to address the situation,” according to the tweet.

As per a copy of the statement shared online by The Record, Lapsus$ exposed itself as the perpetrator of the assault by defacing all of Impresa’s websites with a ransom note informing the corporation that it had gotten access to Impresa’s Amazon Web Services account.

Impresa seems to have regained control of the account on Monday, when all of the websites were placed in maintenance mode, with notices on their separate home pages indicating that they were momentarily inaccessible. According to Recorded Future, Lapsus$ turned up the heat on Impresa via Twitter, tweeting from Expresso’s official Twitter account on Monday to show that it still had access to corporate resources.

According to Lino Santos, the administrator of Portugal’s National Cybersecurity Center, neither the corporation nor Lapsus$ has divulged the amount of the ransom payment related to the attack, which marks the first time the gang has targeted an entity in Portugal. The Lapsus$ Group first appeared on the ransomware scene in 2021 and is best known for a recent attack on the Brazilian Ministry of Health. Several internet businesses were brought down as a result of the incident, which completely erased information on citizens’ COVID-19 vaccination data and disrupted the mechanism that provides digital vaccination certificates.

The attack demonstrates that the substantial increase in ransomware attacks in 2021 is showing no signs of abating in the coming year. “Ransomware is not going away,” TruU’s chief product officer and head of engineering, Dave Pasirstein, stated. “It’s a profitable business that’s practically difficult to safeguard against all risk vectors.”