Portugal Media Group Impresa Attacked by Ransomware in 2022!

Media giant Impresa, which owns the largest TV station & newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$.

The websites of the company & the Expresso newspaper, as well as all of its SIC TV channels remained offline Tues. after the New Year’s weekend attack.


The attack hit the websites of the Impresa-owned Expresso newspaper & TV station SIC. Both remained offline Tues. morning as the media giant continued its recovery from a New Year’s weekend attack. Impacted is the server infrastructure critical to Impresa’s operations.

Also compromised is one of Impresa’s verified Twitter accounts, which was hijacked & used to attack the company publicly.

“National airwave & cable TV broadcasts are operating normally, but the attack has taken down SIC’s internet streaming capabilities,” according to a blog post published Mon. by The Record, the news service of security analyst firm Recorded Future.

Temporarily Unavailable

Other news outlets also reported the attack, including SIC Noticias, SIC’s news TV station, which tweeted a confirmation of the incident, & Portugal’s Observador newspaper.

“The Impresa group confirms that its Expresso & SIC sites, as well as some of their social media pages, are temporarily unavailable, apparently the target of a computer attack, & that actions are being taken to resolve the situation,” according to the tweet.

Lapsus$ identified itself as the culprit of the attack by defacing all of Impresa’s sites with a ransom note telling the company that it had gained access to Impresa’s Amazon Web Services account, according to a screenshot of the note posted online by The Record.

Pressure to Pay

It appears Impresa was able to regain control over the account on Monday when all of the sites were put into maintenance mode, showing notes on respective home pages that they were temporarily unavailable.

However, Lapsus$ kept up the pressure on Impresa via Twitter, tweeting from Expresso’s verified Twitter account on Mon. to show that it still had access to company resources, according to Recorded Future.

Amount of the Extortion Payment

Neither the company nor Lapsus$ so far has revealed the amount of the extortion payment associated with the incident, which marks the 1st time the group has attacked an entity in Portugal, Lino Santos, the Co-ordinator of Portugal’s National Cybersecurity Centre, told the Observador.

Lapsus$ Group became known in 2021 & so far is best known for an attack on the Brazil Ministry of Health in Dec. This incident took down several online entities, successfully wiping out information on citizens’ COVID-19 vaccination data as well as disrupting the system that issues digital vaccination certificates.

Ransomware is Not Going Away

The attack shows that the significant ramp-up in ransomware attacks in 2021 shows no signs of slowing in the New Year.

“Ransomware is not going away,” Dave Pasirstein, Chief Product Officer & Head of Engineering for TruU, commented. “It’s a lucrative business that is nearly impossible to protect against all risk vectors.”