Ransomware operators are back in business with the advent of 2022. Hardly one week of the year had passed, when researchers raised an alarm about a newly discovered Lapsus$ ransomware. 

What’s the news?

  • Impresa, the largest media conglomerate in Portugal, was hit by the new Lapsus$ ransomware during the New Year holiday. 
  • The gang took responsibility for the attack by defacing all sites of Impresa with a ransom note. Besides a ransom request, the message claimed that the group had gained access to the company’s online IT server infrastructure, including all the websites and channels of SIC and Expresso. 
  • However, the attack did not impact radio and cable TV broadcasts. 
  • While the company regained control over many of its impacted sites, the gang claims that it still has access to company resources.

The bigger picture

  • Ever since its discovery in December 2021, the Lapsus$ group had hacked several other organizations. 
  • This included the attack on the websites of Brazil’s Ministry of Health, following which there was the unavailability of COVID-19 vaccination data of millions of citizens.  
  • The other two victims were South American telecommunication providers - Claro and Embratel. 

Bottom line

Ransomware is a lucrative business for cybercriminals. It is paying off and it is working. With each passing year, the threat actors are becoming creative in their extortion and propagation techniques and this surely is a huge threat for organizations. However, instead of being sitting ducks to such threats, organizations must fortify their cybersecurity posture by ensuring a robust backup process and detection measures for malicious activities. 

Cyware Publisher