SECURITY
SECURITY
SECURITY
Portuguese media group Impresa knocked offline in ransomware attack
Portuguese media group Impresa has been struck by a ransomware attack over the New Year’s holiday, taking its websites and online streaming services offline.
Impresa Sociedade Gstr D Prtcps Socsl SA, Portugal’s largest media company, is the owner of the SIC television channels and the Expresso weekly newspaper.
First reported today by The Record, the attack is being credited to a little-known ransomware gang that goes by the name Lapsus$. The attack hit the company’s online information technology server infrastructure, knocking the websites for SIC and Expresso offline, including SIC’s internet streaming service. Broadcast and cable TV services have not been affected.
Whereas the source of a typical ransomware attack may take some time to ascertain, this wasn’t the case here. Along with attacking Impresa, the Lapsus$ ransomware gang also defaced all of the company’s websites with a ransom note. The note also claimed that the gang had gained access to Impresa’s Amazon Web Services Inc. account.
The Lapsus$ ransomware gang appears to have first come onto the scene in December with an attack on Brazil’s Ministry of Health. That attack also included a system that tracks Brazil’s national immunization program and issues digital vaccination certificates.
In the December attack, Lapsus$ left a message on the affected websites claiming credit and claiming that it had stolen 50 terabytes’ worth of data. As with the attack on Impresa, the group left a message that included an email address and Telegram contact information that the attackers asked to be contacted to discuss the terms of returning the data.
Both the Brazil Ministry of Health attack followed by an attack on Impresa both have one commonality: Both countries use Portuguese as their language and the ransom notes in both cases were in the same language. The presumed takeaway is that the Lapsus$ ransomware gang consists of Portuguese speakers.
As of today, Impressa claims to have regained control over its AWS account, but a Twitter account run by Lapsus$ claimed it still has access. The main Impresa website remains down at the time of writing, with a message stating in Portuguese that the website is temporarily unavailable.
Image: Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
