Written by Tim Starks
The websites of the top newspaper and TV station in Portugal remained down Tuesday after a cyberattack that began over the weekend, following in a string of recent attacks on media organizations.
Impresa Group said its Expresso newspaper and SIC TV stations were the victim of a computer attack. A ransomware group suspected as the culprit, known as Lapsus$, initially defaced the websites with a ransom demand.
The outfit also sent tweets from Expresso’s Twitter account to declare itself the president of Portugal, and sent text messages to the news organizations’ customers hyping its success in an apparent bid to pressure its victims into paying.
“For safety reasons, we ask that you do not access or forward any of the various communications that are being sent on behalf of the Impresa group brands,” the company said in a Facebook post on Monday. “We continue to take necessary actions and measures to resolve the situation as soon as possible.”
It’s one of a number incidents afflicting media organizations in the past couple weeks, although none of the attacks seem connected. The Jerusalem Post was hacked and defaced on Monday. The largest news organization in Norway got hit last week.
It’s also among several more publicly-reported suspected ransomware attacks on media entities over the past several months. “Most ransomware attacks are not targeted, so it is likely there are security deficiencies shared by other media orgs,” tweeted Allan Liska, director of threat intelligence at the Record Future cybersecurity firm.
Continuing my thought from yesterday. In the last 6 months there have been at least 5 *publicly reported* ransomware attacks against major media companies. Most ransomware attacks are not targeted, so it is likely there are security deficiencies shared by other media orgs. pic.twitter.com/GMujEER9Bv
— Allan “Ransomware Sommelier🍷” Liska (@uuallan) January 3, 2022