According to reports, Lapsus$ ransomware gang hit Portugal’s largest TV channel, SIC, last week. The attackers were able to successfully infiltrate SIC’s systems because of a phishing email (possibly sent by an employee). Once they entered the system, they encrypted all of their files and demanded 2 bitcoins for decryption. After receiving payment from SIC, they released all of their data and updated their antivirus software before leaving.
Background: Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV Channel and weekly newspaper, was hit with a ransomware attack over the New Year holiday and is currently being used to extort Impresa. All websites for the Impresa group, Expresso, and all the SIC tv channels are currently offline.