Philadelphia Inquirer is Struck by Cuba Ransomware

Philadelphia Inquirer Falls Victim to Cuba Ransomware
Cuba ransomware cyberattack interrupts publication of a newspaper published since 1829

The Philadelphia Inquirer, Philadelphia’s largest newspaper by circulation and the third-longest-running newspaper in the USA, suffered a cyberattack on May 15 that temporarily disrupted the newspaper’s distribution. The Cuba ransomware gang claimed responsibility for the incident.

About Philadelphia Inquirer

The Philadelphia Inquirer is one of the oldest newspapers in the United States, first published in 1829 and still published today. During that time, it has won 20 Pulitzer Prizes for its journalism. Today it reaches an audience of more than 13 million people monthly. On May 15, however, the Inquirer reported a cyberattack that forced it to shut down its computers and interrupt the Sunday print edition. Subscribers could instead follow the news via the electronic version of the paper, which was unaffected. According to the publication, this is the most serious incident since the Jan. 7-8, 1996, snowstorm.

[Screenshot: electronic version of the Philadelphia Inquirer]

Philadelphia Inquirer Hacked by Cuba Ransomware

Following the attack, the Inquirer hired forensic experts from Kroll to investigate the incident. Notably, the cyberattack occurred days before the Philadelphia mayoral election. Initially, a spokesperson for the newspaper did not specify whether the attack involved ransomware; however, since the stolen data was later published, this was probably the case, and the newspaper apparently refused to pay the ransom.

Cuba ransomware gang claims responsibility

On May 23, the Cuba ransomware gang announced on its site that it had stolen files from the Philadelphia Inquirer’s computers. The criminals published all the stolen data on their own leak site on the darknet. According to the attackers, the data includes financial documents, correspondence with bank officials, balance sheets, account activity, tax documents, compensation records, and source code. Newspaper representatives, however, did not specify whether customer data had been stolen, nor did they confirm whether the published data actually belongs to the company.

[Screenshot: Cuba ransomware publishes stolen files on its leak site]

Who is the Cuba ransomware gang?

Cuba ransomware was first detected in late 2019. Despite its Cuban nationalist themes, intelligence suggests the group has Russian ties: its messages contain spelling mistakes typical of Russian speakers. According to the FBI, as of August 2022, Cuba ransomware had received $60 million of the $145 million demanded and had compromised 101 organizations. In addition, the gang has been linked to attacks on Ukrainian government institutions; in those attacks, phishing emails delivered the ROMCOM RAT malware associated with Cuba ransomware. Gang members have also used Microsoft Exchange vulnerabilities to gain initial access to corporate networks. The gang apparently went quiet in early winter 2022 and only became active again in early May 2023.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
