Portuguese media group Impresa knocked offline in ransomware attack | #malware | #ransomware | #cybersecurity | #infosecurity | #hacker



Portuguese media group Impresa has been struck by a ransomware attack over the New Year’s holiday, taking its websites and online streaming services offline. 

Impresa Sociedade Gstr D Prtcps Socsl SA, Portugal’s largest media company, is the owner of the SIC television channels and the Expresso weekly newspaper.

First reported today by The Record, the attack is being credited to a little-known ransomware gang that goes by the name Lapsus$. The attack hit the company’s online information technology server infrastructure, knocking the websites for SIC and Expresso offline, including SIC’s internet streaming service. Broadcast and cable TV services have not been affected.

Whereas the source of a typical ransomware attack may take some time to ascertain, this wasn’t the case here. Along with attacking Impresa, the Lapsus$ ransomware gang also defaced all of the company’s websites with a ransom note. The note also claimed that the gang had gained access to Impresa’s Amazon Web Services Inc. account.

The Lapsus$ ransomware gang appears to have first come onto the scene in December with an attack on Brazil’s Ministry of Health. That attack also included a system that tracks Brazil’s national immunization program and issues digital vaccination certificates.

In the December attack, Lapsus$ left a message on the affected websites claiming credit and claiming that it had stolen 50 terabytes’ worth of data. As with the attack on Impresa, the group left a message that included an email address and Telegram contact information that the attackers asked to be contacted to discuss the terms of returning the data.

Both the Brazil Ministry of Health attack followed by an attack on Impresa both have one commonality: Both countries use Portuguese as their language and the ransom notes in both cases were in the same language. The presumed takeaway is that the Lapsus$ ransomware gang consists of Portuguese speakers.

As of today, Impressa claims to have regained control over its AWS account, but a Twitter account run by Lapsus$ claimed it still has access. The main Impresa website remains down at the time of writing, with a message stating in Portuguese that the website is temporarily unavailable.

Image: Wikimedia Commons

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.



Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW