The Cuba ransomware gang claimed responsibility for this month’s cyberattack on The Philadelphia Inquirer, which temporarily halted distribution of the newspaper and disrupted some business operations.

The Philadelphia Inquirer is Philadelphia’s largest newspaper (by circulation). Founded in 1829, it is the third continuously operating daily newspaper in the United States, and has won 20 Pulitzer Prizes for journalistic excellence.

On May 14, The Inquirer revealed that it had suffered a cyberattack that forced its IT team to take computer systems offline to prevent the attack from spreading. Additionally, the newspaper hired forensic experts from Kroll to investigate the “abnormal activity”.

The attack disrupted publication of the Sunday print newspaper, so home delivery subscribers received a first composed edition on Friday and were asked to keep up to date with the latest news on the newspaper’s website (inquirer.com), which was unaffected.

“The disruption to Inquirer’s publication is the most significant the company has faced since the blizzard of January 7-8, 1996, and comes just days before the primary for Philadelphia’s 100th mayoral election,” reads the relevant article on the newspaper’s online portal.

At the time, a spokesperson for the newspaper did not specify whether the attack was ransomware and kindly asked for patience until the ongoing investigation was completed.

However, today the cyberattack was claimed by the Cuba ransomware gang in a post on their extortion site, stating that they stole files from the newspaper’s computers on May 12, 2023.

The stolen data, now made public on Cuba’s extortion portal, includes financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation and source code.

Cuba ransomware leaks all stolen files to log
Source: BleepingComputer

The fact that all the stolen files were made available for free indicates that the newspaper refused to pay a ransom, so the extortion process ended in a stalemate.

BleepingComputer reached out to The Philadelphia Inquirer to inquire about the status of its systems and whether any customer data may have been stolen from its networks, but a comment was not available by the time of publication.

The Cuba ransomware gang remains a low-volume but still active group that the FBI reported earned $60 million from 100 attacks in August 2022.

The ransomware gang has also been linked to attacks on Ukrainian government agencies after phishing emails delivered “ROMCOM RAT” malware, a remote access Trojan associated with a known Cuba ransomware affiliate.

A January 2023 Microsoft report shared that Cuba ransomware members also exploited vulnerabilities in Microsoft Exchange for initial access to corporate networks.


