Close this search box.

First Big Ransomware Attack of 2022 Targets Large Portuguese Media Company

The author

A new year, a new ransomware attack. Portugal’s largest media conglomerate got hit hard over the New Year’s holiday weekend, and is still offline as of this article’s publication on Tuesday, January 4. 

The attack went after the company Impresa, taking down the websites of the nation’s largest TV channel and newspaper. The Twitter account was taken over by the hackers, who then Tweeted out through the compromised account. The attack was carried out by the ransomware gang Lapsus$

 The websites included those for the Expresso newspaper and television station SIC. The website “The Record” reported that the attack hit the company’s online IT server infrastructure. 

Reuters said in a story that Lapsus$ threatened data exfiltration if Impresa did not pay a ransom. Data exfiltration, or exposure of internal private data from a company, like Social Security numbers and credit card numbers, is an increasingly common tactic used by ransomware gangs. It’s another way to make money on top of providing a decryption key to unlock encrypted data. 

Lapsus$ mocked the Expresso newspaper in the newspaper’s official Twitter account, which it has also taken over. It said in a (translated) Tweet that “Lapsus$ is officially the new president Portugal”. Lapsus$ has also claimed that it’s gained control of Impresa’s Amazon Web Services account. 

Lapsus$ is not one of the more well-known ransomware gangs, but it did make a high-profile attack last December against Brazil’s Ministry of Health. In that case, compromised data included information on COVID-19 patients. Several systems were taken down, but it’s not clear how much data was ultimately lost, if any. 

The ransomware attack against Impresa should remind organizations to safeguard themselves as much as possible against these attacks in 2022. One effective method to do that is to get the recently published book, “Ransomware: Understand. Protect. Recover,” available here

As of this writing, it is publicly unknown whether or not Impreza paid the ransom. 

Sign Up For Our Newsletter

Don’t worry, we hate spam too!

Get The Latest On Ransomware Right In Your Inbox

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

Is This Your Business?
Get In Touch

Contact Us To Sponsor Your Business Listing & Learn More About The Benfits.

Before You Go!
Sign up to stay up to date with everything ransomware

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

JUST RELEASED: The 2024 State of Ransomware Survey is in.


Share via
Copy link
Powered by Social Snap