The Philadelphia Inquirer, Philadelphia’s largest newspaper by circulation and the third-longest-running newspaper in the USA, suffered a cyberattack on May 15 that temporarily disrupted distribution of the paper. The Cuba ransomware gang has claimed responsibility for the incident.
About The Philadelphia Inquirer
The Philadelphia Inquirer is one of the oldest newspapers in the United States, first published in 1829 and still published today. In that time it has won 20 Pulitzer Prizes for its journalism, and today it reaches an audience of more than 13 million people a month. On May 15, however, The Inquirer reported a cyberattack that forced it to shut down its computer systems and interrupted the Sunday print edition. Subscribers could instead follow the news through the electronic edition of the paper, which was unaffected. According to the publication, this is the most serious disruption to its operations since the snowstorm of January 7-8, 1996.
Philadelphia Inquirer Hacked by Cuba Ransomware
After detecting the attack, the Inquirer hired forensic experts from Kroll to investigate the incident. It is worth noting that the attack came only days before the Philadelphia mayoral election. Initially, a spokesperson for the newspaper did not say whether the attack involved ransomware. The later publication of stolen data on a leak site, however, is consistent with a ransomware intrusion in which the victim did not pay, which suggests the newspaper refused the ransom demand.
Cuba ransomware gang claims responsibility
On May 23, the Cuba ransomware gang announced that it had stolen files from the Philadelphia Inquirer’s computers and published the stolen data on its own leak site on the dark web. According to the attackers, the data include financial documents, correspondence with bank officials, balance sheets, account activity, tax documents, compensation details, and source code. Newspaper representatives have not said whether customer data was stolen, nor have they confirmed that the published files actually belong to the company.
Who is the Cuba ransomware gang?
Cuba ransomware was first detected in late 2019. Despite its Cuban nationalist themes, available intelligence points to a Russian-speaking group: messages from the gang contain spelling mistakes typical of native Russian speakers. According to the FBI, as of August 2022 Cuba ransomware had compromised 101 organizations, demanded more than $145 million in ransoms, and received more than $60 million in payments. The gang has also been linked to attacks on Ukrainian government institutions, in which phishing emails delivered the ROMCOM RAT, a remote-access trojan associated with Cuba ransomware. Gang members have also exploited Microsoft Exchange vulnerabilities to gain initial access to corporate networks, so unpatched on-premises Exchange servers remain a notable exposure. The gang appeared to go quiet in early winter 2022 and only became active again in early May 2023.