
Outlets like The Record and analyst firm Recorded Future reported this past Monday that Impresa’s SIC internet streaming capabilities had been taken down, while national airwave and cable TV broadcasts were not affected.

What happened? Ransomware attack.

How did it happen? Let’s find out.


Portugal’s Impresa Taken Down by Ransomware Attack on New Year’s Eve

The attack did not impact radio and cable TV broadcasts, while SIC’s internet New Year’s Eve streaming transmission was interrupted. The Impresa group itself confirmed that many of its SIC-related websites, as well as social media pages, were taken down temporarily.

Impresa-owned Expresso newspaper and television station SIC took action immediately, reporting the incident to the criminal investigation police agency PJ and the National Cybersecurity Centre (CNCS) and filing a complaint.

Both websites remained offline as the parent company recovered from the New Year’s weekend attack.

International and local media organizations were quick to publish news stories about what happened, with quotes like “this being an unprecedented attack on press freedom in the digital age”, while cybersecurity experts like Dave Pasirstein comment:

“Ransomware is not going away. It’s a lucrative business that is nearly impossible to protect against all risk vectors.”

The Lapsus$ Group are the alleged hackers behind the breach of Impresa’s Amazon Web Services account, a phishing e-mail sent to Expresso subscribers, and an on-site message announcing the possible leak of internal data if the media group didn’t pay the ransom.

It appears Impresa was able to regain control over the account on Monday, when all of the sites were put into maintenance mode, showing notes on their respective home pages that they were temporarily unavailable.

Impresa Maintenance Mode


This was followed by a tweet published on the media outlet’s verified social media profile.

Neither the company nor Lapsus$ has so far revealed the amount of the extortion payment associated with the incident, which marks the first time the group has attacked an entity in Portugal, Lino Santos, the coordinator of Portugal’s National Cybersecurity Center, told the Observador.

Lapsus$ Group came onto the ransomware scene in 2021 and so far is best known for an attack on Brazil’s Ministry of Health last month.

The incident took down several online entities, successfully wiping out information on citizens’ COVID-19 vaccination data as well as disrupting the system that issues digital vaccination certificates.

The gang also targeted the South American telecommunication providers Claro and Embratel.

Let’s think about this whole situation for a second. This Portuguese media conglomerate collects millions of euros every month and has thousands of employees, many of them in an IT department… And an attack of this magnitude still happens.

Can you imagine what could happen to your own business if some bad actor ever thinks of attacking your online infrastructure? Yeah, that wouldn’t be nice, and there is a good chance that you could never recover if a ransomware attack hits.

Unless… You have the right defensive measures (preventive and emergency troubleshooting) in place.

We offer you two options. You can either:


  1. Choose in the top header the service that you need now. We’ll assist you right away. 
  2. Or ask us any question that you may have about your business’s cybersecurity.