One of Germany’s largest newspaper publishers, Funke Media Group, has been attacked by ransomware, impacting over 6,000 laptops and thousands of additional machines. The attack halted the activities at the company’s editorial offices and several printing houses.
The attack hindered work at the newspaper editorial offices and halted some of its major printing houses. As a result, subscribers received only emergency issues of a few pages. Because of this impact on the printed editions of the newspapers, the publishing house has decided to temporarily remove the paywall that is normally active on its news site, so everyone has full access to all of its articles. Unlike the newspapers, the publishing of the magazines that belong to the Funke Media Group are not expected to be delayed.
The press release by Funke states that several of its main systems in offices around Germany had been encrypted. This would indicate a ransomware attack. In a later press release, Funke stated that over 6000 laptops and thousands of other systems (endpoints and servers) were affected and that its IT staff worked with the help of cybersecurity professionals throughout the holidays to get as many systems as possible up and running again. The attack is under investigation by police.
A lot of the major current ransomware families threaten to publish breached data in order to create greater leverage for the victim to pay the ransom. With over three million subscribers and maybe even some interesting information unearthed by journalists, the obtained information could be very costly.
Since it’s unknown which type of ransomware was used in this attack, it is not yet possible to tell whether any data were exfiltrated during the attack and whether any such data will be published if the Funke Media Group refuses to pay the ransom.