Lapsus$ Ransomware Gang Pwns Portugal’s Largest TV Channel

The Record is reporting that the Lapsus$ ransomware gang has hit SIC, Portugal’s largest TV channel:

The attack has taken place over the New Year holiday and has hit the company’s online IT server infrastructure. Websites for the Impresa group, Expresso, and all the SIC TV channels are currently offline.

National airwave and cable TV broadcasts are operating normally, but the attack has taken down SIC’s internet streaming capabilities.

The Lapsus$ group took credit for the attack by defacing all of Impresa’s sites with a ransom note (pictured at the top of this article). Besides a ransom request, the message claims that the group has gained access to Impresa’s Amazon Web Services account.

Impresa staff appeared to have regained control over this account earlier today when all the sites were put into maintenance mode, but the attackers immediately tweeted from Expresso’s verified Twitter account to show that they still had access to company resources.

The Impresa attack is one of the largest cybersecurity incidents in Portugal’s history. Impresa is, by far, the country’s largest media conglomerate.

This is clearly not a good look for SIC. Elizabeth Wharton, Vice President, Operations for SCYTHE, had this to say:

“Being able to continuously validate people, processes, and technologies is always going to be a struggle. Ransomware gangs like Lapsus$ may use the same tactics, techniques, and procedures (TTPs) to carry out their attacks, or they may reorder the TTPs to fly under the radar. Companies need to continuously test their controls using threat intelligence, like the news of this attack, to protect their business interests.”

Hopefully SIC gets control back from this gang. And more importantly, hopefully the rest of us use this as a case study in how to defend ourselves from getting pwned in this manner.

UPDATE: I got additional commentary from Dave Pasirstein, CPO & Head of Engineering, TruU:

Ransomware is not going away. It’s a lucrative business that is nearly impossible to protect all risk vectors; however, it is made easy by enterprises failing to take enough precautionary steps. Those steps must include: zero trust approaches, active patching, end-point and email protection, employee culture/training/testing, and very strong authentication such as modern MFA, ideally a password-less MFA that is not based on shared secrets and thus cannot easily be bypassed by a server compromise.
