Ransomware Attack Hits Portugal Media Empire Impresa

by | January 31, 2022 | Cybersecurity News

A devastating ransomware attack directed at the company forced all of its SIC TV channels and the Expresso newspaper to go offline.

The New Year Comes Bearing Ransomware

Just a few hours into 2022, an attack crippled the media giant Impresa, owner of the most prominent television station and newspaper in Portugal. Investigators believe the ransomware gang responsible for the incident is the one that goes by the name Lapsus$.

The attack hit the Expresso newspaper and the SIC television station. As of Tuesday morning, both remain offline, as the company is still in the recovery process after the New Year’s weekend attack. Additionally, the incident affected the server infrastructure critical to operations and one of the company’s verified Twitter accounts, which the perpetrators used to taunt Impresa publicly.

“National airwave and cable TV broadcasts are operating normally, but the attack has taken down SIC’s internet streaming capabilities,” according to a Monday blog post by The Record.

The ransomware attack made headlines, with various outlets reporting it, including SIC Noticias, SIC’s news TV station, and Portugal’s Observador newspaper.

“The Impresa group confirms that its Expresso and SIC sites, as well as some of their social media pages, are temporarily unavailable, apparently the target of a computer attack, and that actions are being taken to resolve the situation,” according to a tweet from the company.

The Lapsus$ ransomware gang made it obvious they were behind the attack by defacing all of Impresa’s websites with a ransom note to let the company know that they had gained access to Impresa’s Amazon Web Services account. Lapsus$ identified itself as responsible for the ransomware attack by tweeting from one of Impresa’s verified Twitter accounts.

Lapsus$ identified itself as responsible for the ransomware attack by tweeting from one of Impresa's verified Twitter accounts.
The ransom note posted by Lapsus$. Credit: The Record

A Persistent Ransomware Attack – The Pressure To Pay

It appears that Impresa managed to recover the compromised Twitter on Monday. At the time, all of the sites were put into maintenance mode, displaying notes on home pages to let visitors know that they were temporarily unavailable.

Despite the company’s efforts, the ransomware gang kept up the pressure on the company by tweeting from Expresso’s verified Twitter account on Monday, so as to prove they still had access to Impresa’s network.

So far, both Lapsus$ and Impresa have remained silent regarding the ransom payment amount. Lino Santos, the coordinator of Portugal’s National Cybersecurity Center, told the Observador that this was the first time the cybercriminal group had ever attacked an organization in Portugal.

The Lapsus$ gang was first spotted in 2021, and its most noticeable attack was targeted at the Brazil Ministry of Health in December. Following the incident, several online entities were taken down, information on citizens’ COVID-19 vaccination data was wiped out, and the system that issues digital vaccination certificates was disrupted as well.

More Ransomware Attacks To Come

Cybersecurity experts warn of ransomware attacks not slowing down this year.

“Ransomware is not going away,” Dave Pasirstein, chief product officer and head of engineering for TruU wrote told Threatpost. “It’s a lucrative business that is nearly impossible to protect against all risk vectors.”

Most ransomware attacks have one thing in common: their infectious vector – phishing emails.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and find out where you stand against a phishing attack!


Threatpost Portugal Media Giant Impresa Crippled by Ransomware Attack

The Record Lapsus$ ransomware gang hits SIC, Portugal’s largest TV channel

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.