On Tuesday 28th of December 2021, Amedia, a Norway-based media company which publishes more than 70 newspapers for 2 million readers experienced a ransomware that resulted in their central information systems being encrypted. This led to Amedia having to shut down their presses although Amedia have confirmed they are looking to establish alternative solutions to produce about 20 of their newspapers as currently it is not possible for other newspapers to be printed due to the incident. It is believed that the exploitation of the PrintNightmare vulnerability was involved in the incident.
There are concerns around the data on the central system, as the central system stores data of Amedia’s subscribers and employees. The subscribers’ data includes name, address, mobile number, email address and subscription history, while employees’ data includes employment conditions/agreements, Social Security numbers and salaries.
Although the threat actors did leave a ransom note on the media company’s infected computers, Amedia has stated they have no intention of paying ransom and they have shared the ransom note with the police. Currently it is believed that the Vice Society might be the ransomware gang behind the attack.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.