Expert Comment: Lapsus$ Ransomware Gang

According to reports, Lapsus$ ransomware gang hit Portugal’s largest TV channel, SIC, last week. The attackers were able to successfully infiltrate SIC’s systems because of a phishing email (possibly sent by an employee). Once they entered the system, they encrypted all of their files and demanded 2 bitcoins for decryption. After receiving payment from SIC, they released all of their data and updated their antivirus software before leaving.

Background: Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV Channel and weekly newspaper, was hit with a ransomware attack over the New Year holiday and is currently being used to extort Impresa. All websites for the Impresa group, Expresso, and all the SIC tv channels are currently offline.

Experts Comments

January 04, 2022
Dave Pasirstein
CPO & Head of Engineering
TruU

Ransomware is not going away. It's a lucrative business that is nearly impossible to protect all risk vectors; however, it is made easy by enterprises failing to take enough precautionary steps. Those steps must include: zero trust approaches, active patching, end-point and email protection, employee culture/training/testing, and very strong authentication such as modern MFA, ideally a password-less MFA that is not based on shared-secrets and thus, cannot easily be bypassed by a server

.....Read More

Ransomware is not going away. It's a lucrative business that is nearly impossible to protect all risk vectors; however, it is made easy by enterprises failing to take enough precautionary steps. Those steps must include: zero trust approaches, active patching, end-point and email protection, employee culture/training/testing, and very strong authentication such as modern MFA, ideally a password-less MFA that is not based on shared-secrets and thus, cannot easily be bypassed by a server compromise.

  Read Less
January 04, 2022
Nasser Fattah
Executive Advisor
Shared Assessments

Company downtime equates to a loss of revenue, in one form or another, which is an immediate byproduct of ransomware. Hence the importance of doing ransomware tabletop exercises to not only best prepare for an attack, but also to engage the business to best understand the financial impact of system outages.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.