Lapsus$ hits Impresa

Portuguese largest media group Impresa Sociedade has been struck by a ransomware attack over the new year’s holiday, taking their websites and online streaming services offline.

The attack is being carried by little-known ransomware gang that goes by the name of Lapsus$. The attack hit the company’s online information technology server infrastructure, knocking the websites for SIC and Expresso offline, including SIC’s internet streaming service. Broadcast and cable TV services have not been affected.

The Lapsus$ ransomware gang also defaced all of the company’s websites with a ransom note. The note also claimed that the gang had gained access to Impresa’s Amazon Web Serivces Inc. account.

The Lapsus$ ransomware gang appears to have first come onto the scene in December with an attack on Brazil’s Ministry of Health. That attack also included a system that tracks Brazil’s national immunization program and issues digital vaccination certificates claimed to be 50 TB.

Both the Brazil Ministry of Health attack followed by an attack on Impresa both have one commonality – both countries use Portuguese as their language and the ransom notes in both cases were in the same language. The presumed takeaway is that the Lapsus$ ransomware gang consists of Portuguese speakers.

Impressa claims to have regained control over its AWS account, but a Twitter account run by Lapsus$ claimed to have access still. The main Impresa website remains down at the time of writing with a message stating in Portuguese that the website is temporarily unavailable.