Portuguese media group Impresa knocked offline in ransomware attack
Portuguese media group Impresa has been struck by a ransomware attack over the New Year’s holiday, taking its websites and online streaming services offline.
Impresa Sociedade Gstr D Prtcps Socsl SA, Portugal’s largest media company, is the owner of the SIC television channels and the Expresso weekly newspaper.
First reported today by The Record, the attack is being credited to a little-known ransomware gang that goes by the name Lapsus$. The attack hit the company’s online information technology server infrastructure, knocking the websites for SIC and Expresso offline, including SIC’s internet streaming service. Broadcast and cable TV services have not been affected.
Whereas the source of a typical ransomware attack may take some time to ascertain, this wasn’t the case here. Along with attacking Impresa, the Lapsus$ ransomware gang also defaced all of the company’s websites with a ransom note. The note also claimed that the gang had gained access to Impresa’s Amazon Web Services Inc. account.
The Lapsus$ ransomware gang appears to have first come onto the scene in December with an attack on Brazil’s Ministry of Health. That attack also included a system that tracks Brazil’s national immunization program and issues digital vaccination certificates.
In the December attack, Lapsus$ left a message on the affected websites claiming credit and claiming that it had stolen 50 terabytes’ worth of data. As with the attack on Impresa, the group left a message that included an email address and Telegram contact information that the attackers asked to be contacted to discuss the terms of returning the data.
Both the Brazil Ministry of Health attack followed by an attack on Impresa both have one commonality: Both countries use Portuguese as their language and the ransom notes in both cases were in the same language. The presumed takeaway is that the Lapsus$ ransomware gang consists of Portuguese speakers.
As of today, Impressa claims to have regained control over its AWS account, but a Twitter account run by Lapsus$ claimed it still has access. The main Impresa website remains down at the time of writing, with a message stating in Portuguese that the website is temporarily unavailable.
Image: Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU