According to reports, Lapsus$ ransomware gang hit Portugal’s largest TV channel, SIC, last week. The attackers were able to successfully infiltrate SIC’s systems because of a phishing email (possibly sent by an employee). Once they entered the system, they encrypted all of their files and demanded 2 bitcoins for decryption. After receiving payment from SIC, they released all of their data and updated their antivirus software before leaving.
Background: Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV Channel and weekly newspaper, was hit with a ransomware attack over the New Year holiday and is currently being used to extort Impresa. All websites for the Impresa group, Expresso, and all the SIC tv channels are currently offline.
<p>Ransomware is not going away. It\’s a lucrative business that is nearly impossible to protect all risk vectors; however, it is made easy by enterprises failing to take enough precautionary steps. Those steps must include: zero trust approaches, active patching, end-point and email protection, employee culture/training/testing, and very strong authentication such as modern MFA, ideally a password-less MFA that is not based on shared-secrets and thus, cannot easily be bypassed by a server compromise.</p>
<p>Company downtime equates to a loss of revenue, in one form or another, which is an immediate byproduct of ransomware. Hence the importance of doing ransomware tabletop exercises to not only best prepare for an attack, but also to engage the business to best understand the financial impact of system outages.</p>