The Cuba ransomware gang has claimed responsibility for a recent cyberattack on The Philadelphia Inquirer that caused significant disruptions to the newspaper’s distribution and business operations. The attack, which occurred in May, forced the newspaper’s IT team to take computer systems offline to prevent further spread. The stolen data, including financial documents and source code, has been publicly released on the ransomware group’s portal, indicating that the newspaper refused to pay a ransom.
The Philadelphia Inquirer, Philadelphia’s largest newspaper by circulation and one of the longest continuously operating dailies in the US, disclosed the cyberattack on May 14th. The attack came at a crucial time: it disrupted the publication of the Sunday print newspaper and occurred just days before the city’s 100th mayoral election primary.
Home-delivery subscribers were provided with an early edition and directed to the newspaper’s unaffected website for the latest news updates.
Although the newspaper initially did not confirm whether the attack was ransomware-related, the Cuba ransomware gang later claimed responsibility for the cyberattack, revealing that they had stolen files from the newspaper’s computers on May 12th.
The stolen data, which includes financial documents, correspondence, and source code, has been made available for free on the ransomware group’s portal, suggesting that the extortion attempt was unsuccessful.
The Cuba ransomware gang, while considered low-volume, remains an active threat, having reportedly made $60 million from 100 attacks as of August 2022. The group has previously targeted Ukrainian government agencies and has been associated with the distribution of the “ROMCOM RAT” malware through phishing emails.
A Microsoft report from January 2023 also highlighted the group’s exploitation of Microsoft Exchange vulnerabilities to gain initial access to corporate networks.