Major Portuguese media conglomerate hit by ransomware

Lapsus$ ransomware group attacked Impresa, one of the largest media groups in Portugal, causing several news outlets to shut down.

The websites of Portugal's biggest newspaper Expresso and major broadcaster SIC TV, are down because of the attack.

At the time of writing, websites for both outlets claim that their services are unavailable. However, users on Twitter shared screenshots from the weekend when a message from the Lapsus$ Group was displayed.

"Data will be leaked if the required amount is not paid. We have access to cloud services (AWS), among other types of devices," the message said in Portuguese.

A message on SIC TV and Expresso websites.

The message also included email and Telegram contact info.

Reuters reports that Expresso newspaper and SIC TV station both said they reported the incident to the criminal investigation police agency PJ and the National Cybersecurity Centre (CNCS) and would file a complaint.

Expresso's social media account posted that following the attack, a bogus email claiming that the president of Portugal was charged with murder was sent.

"In an attack never seen on freedom of the press in Portugal in the digital age, EXPRESS and SIC sites, as well as some of their social media, were the subject of an attack this morning," the Facebook post from Sunday said.

According to Reuters, CNCS's coordinator, Lino Santos, told Observador newspaper it was the first time the group launched an attack in the country.

Impresa is the largest Portuguese media group operating several TV stations, magazines, websites, and other ventures within the media business.

The lapsus$ ransomware group also claims to have hacked Brazil's health ministry website last month, taking several systems down, including information about the national immunization program and another used to issue digital vaccination certificates.

Golden age

Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.

Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.

The prevalence of ransomware has forced governments to take multilateral action against the threat. It's likely a combined effort allowed to push the infamous REvil and BlackMatter cartels offline and arrest the Cl0p ransomware cartel members.

Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.

An average data breach costs victims $4.24 million per incident, the highest in the 17 years. For example, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.

More from CyberNews:

8 cybersecurity trends to watch for 2022: From extortion to satellite attacks

CyberNews’ TOP 10 interviews of 2021

Cloud security in 2022: stormy horizons, shaken trust, and lack of talent

LastPass claims no accounts compromised after security warnings

If you can remember your password, it's not secure enough - interview

Subscribe to our newsletter