De: Suspected ransomware: “Cyber attack” on the Madsack publishing group
The publishing company Madsack GmbH & Co. KG (and Madsack Media Group) is a German publishing and media group based in Hanover. The core business consists of 15 regional daily newspapers.
Axel Kannenberg reports (translation):
The Madsack publishing group has apparently been attacked by ransomware. According to a media report, an internal mail from the publisher indicates an infection with the blackmail Trojan Nefilim. A spokesman for Madsack only told heise online on request that “a cyber attack on the computer systems of the Madsack media group” had occurred on Friday.
The publisher has taken countermeasures, but newspaper production for Saturday could be impaired, the spokesman said.
Read more on Heise.
Nefilim threat actors maintain a dark web leak site where they list the names of their victims who refuse to pay ransom. If the victims continue to refuse to pay ransom, their data is then dumped publicly. Madsack’s name does not appear on Nefilim’s leak site at the time of this publication, but that may only indicate that they had not been added because the threat actors still hoped to get ransom from them. Then again, we have seen no proof that this was nefilim ransomware, and the publisher has not confirmed that publicly.
Reporting by Chum1ng0 with additional material by Dissent.