Portuguese Media Giant Starts 2022 Under Ransomware Breach


Within just hours of the new year, Portuguese media giant Impresa was hit by a ransomware attack. Impresa is one of the country's largest media outlets, operating a range of TV channels and running the Expresso newspaper and media website.

According to reports, the threat actor responsible for the attack goes by the handle of 'Lapsus$' - a ransomware gang that doesn't end up in the headlines as often as some other, bigger names.

Multi-Tiered Attack

The ransomware attack affected not just the Expresso website but the Impresa-owned SIC TV station as well, and both were offline into the working days of the first week of 2022. To add insult to injury, the ransomware actor also compromised and hijacked one of the company's Twitter accounts, which was later used to boast about the attack.

This Monday Impresa published a news release stating that TV broadcasts over airwaves and cable are not affected, with only streaming TV being offline. The Lapsus$ group dropped its ransom note on the compromised company pages, with Recorded Future publishing a screenshot of the note.

Shortly after the attack, Impresa managed to get the defaced pages back under its control, replacing the ransom note with the usual 'service unavailable' messages. The ransom note initially published on the company's pages did not contain any information on the demanded ransom, and Impresa has not released any information about the ransom either.

Who is Lapsus$?

The Lapsus$ ransomware gang's most notorious previous attack was aimed at the Brazilian Ministry of Health and took place in late 2021. The attack wiped out the Covid-related records of millions of Brazilian citizens. This is the first time the threat actor has targeted an entity on Portuguese soil, and it seems the group is focused on countries with a Portuguese-speaking population.

Threatpost quoted TruU's Dave Pasirstein, who stated that ransomware is simply "not going away", due to the virtual impossibility of protecting against every single attack vector in current infrastructure, and to the lucrative payouts often associated with this crime.