First Big Ransomware Attack of 2022 Targets Large Portuguese Media Company

THE AUTHOR

Keith Ward
January 4, 2022

First Big Ransomware Attack of 2022 Targets Large Portuguese Media Company

A new year, a new ransomware attack. Portugal’s largest media conglomerate got hit hard over the New Year’s holiday weekend, and is still offline as of this article’s publication on Tuesday, January 4. 

The attack went after the company Impresa, taking down the websites of the nation’s largest TV channel and newspaper. The Twitter account was taken over by the hackers, who then Tweeted out through the compromised account. The attack was carried out by the ransomware gang Lapsus$. 

 The websites included those for the Expresso newspaper and television station SIC. The website “The Record” reported that the attack hit the company’s online IT server infrastructure. 

Reuters said in a story that Lapsus$ threatened data exfiltration if Impresa did not pay a ransom. Data exfiltration, or exposure of internal private data from a company, like Social Security numbers and credit card numbers, is an increasingly common tactic used by ransomware gangs. It’s another way to make money on top of providing a decryption key to unlock encrypted data. 

Lapsus$ mocked the Expresso newspaper in the newspaper’s official Twitter account, which it has also taken over. It said in a (translated) Tweet that “Lapsus$ is officially the new president https://ransomware.org/of Portugal”. Lapsus$ has also claimed that it’s gained control of Impresa’s Amazon Web Services account. 

Lapsus$ is not one of the more well-known ransomware gangs, but it did make a high-profile attack last December against Brazil’s Ministry of Health. In that case, compromised data included information on COVID-19 patients. Several systems were taken down, but it’s not clear how much data was ultimately lost, if any. 

The ransomware attack against Impresa should remind organizations to safeguard themselves as much as possible against these attacks in 2022. One effective method to do that is to get the recently published book, “Ransomware: Understand. Protect. Recover,” available here

As of this writing, it is publicly unknown whether or not Impreza paid the ransom. 

Sign Up For Our Newsletter

Don't worry, we hate spam too!

Other Articles You May Be Interested In:

Get Help Preparing For; Preventing;

Or Recovering From Ransomware Now

Get The Latest On Ransomware 
Right In Your Inbox

Sign Up To Receive Our 
Monthly Ransomware Newsletter

envelope
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram
Share via
Copy link
Powered by Social Snap