Skip to main content

Funke Media Group suffers nationwide ransomware attack in Germany

On December 22, Germany's third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several local radio stations, and online news portals. It reaches over 3 million readers on a daily basis.

The impact of the ransomware attack

The attack hindered work at the newspaper editorial offices and halted some of its major printing houses. As a result, subscribers received only emergency issues of a few pages. Because of this impact on the printed editions of the newspapers, the publishing house has decided to temporarily remove the paywall that is normally active on its news site, so everyone has full access to all of its articles. Unlike the newspapers, the publishing of the magazines that belong to the Funke Media Group are not expected to be delayed.

The press release by Funke states that several of its main systems in offices around Germany had been encrypted. This would indicate a ransomware attack. In a later press release, Funke stated that over 6000 laptops and thousands of other systems (endpoints and servers) were affected, and that its IT staff worked with the help of cybersecurity professionals throughout the holidays to get as many systems as possible up and running again. The attack is under investigation by police.

Getting the damage undone

The IT specialists have organized wipe and rebuild lines in the style of a digital car wash. These are functional in three of the publisher's main locations where all the laptops are checked, cleaned, re-installed, and then returned to users. On January 4, some 1200 endpoints had undergone this procedure.

As we've pointed out many times before, the damage that's done by ransomware is far greater than the amount of the ransom. It takes huge efforts to get a large-scale operation up and running again, especially in this case where the victim is a wide-spread and highly computerized organization like a major publisher.

Leaked data

A lot of the major current ransomware families threaten to publish breached data in order to create greater leverage for the victim to pay the ransom. With over three million subscribers and maybe even some interesting information unearthed by journalists, the obtained information could be very costly.

Since it's unknown which type of ransomware was used in this attack, it is not yet possible to tell whether any data were exfiltrated during the attack, and whether any such data will be published if the Funke Media Group refuses to pay the ransom. Of course, we will keep you posted about any developments.

Stay safe, everyone!

The post Funke Media Group suffers nationwide ransomware attack in Germany appeared first on Malwarebytes Labs.



from Malwarebytes Labs full article here

Popular posts from this blog

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...
Read more

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...
Read more

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you're glad you did it where people don't know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network ( VPN ) can do for you: it can put you in a place where you are unknown. To determine if and when you need a VPN, you must define what your goal is. If your main goal is to improve your privacy online, then a VPN is one of the possible solutions. Privacy is a right that is yours to value and defend. If you don't fall into the categories of people who say "I have nothing to hide" or "they already know everything about me" then you may care enough about your privacy to use a VPN. For the latest Malwarebytes Labs reader survey we asked "Do you use a VPN?" 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs. So...
Read more