On December 22, the third largest publisher in Germany became a victim of a cyber attack that affected its office systems across the country.

The German media company Funke Media Group publishes dozens of newspapers (such as Berliner Morgenpost, Hamburger Abendblatt and Bergedorfer Zeitung), magazines, many local radio stations and online news portals. According to statistics, the company has 3 million subscriptions.

Impact of ransomware attacks

The attack affected the work of the newspapers' editorial departments, which caused the company to suspend the work of some of its major printing houses and to send a few pages of emergency notices to newspaper subscribers. At the same time, because the attack disrupted the printing of newspapers, the publisher decided to temporarily lift the paywall that is usually active on its news site so that everyone can fully access all articles on its website. Unlike the newspapers, the distribution of magazines under Funke Media Group is not expected to be delayed.

A press release issued by Funke stated that several major systems in its offices across Germany had been encrypted. This shows that it has indeed suffered a ransomware attack. In a subsequent press release, Funke pointed out that more than 6000 laptops and thousands of other systems (endpoints and servers) were affected, and that the company's IT staff worked throughout the holiday, with the help of cyber security professionals, to restart and run as many systems as possible. At the same time, the police are investigating the attack.

Recovering from the damage

IT experts organized cleaning and reinstallation production lines in the form of a "digital car wash". These operate at the publisher's three main locations, where all laptops are inspected, cleaned, reinstalled, and returned to users. On January 4, approximately 1,200 endpoints had gone through this process.

As we have pointed out many times before, the damage caused by ransomware is far greater than the amount of the ransom. It takes a lot of effort to restart the production activities of a large company, especially in situations such as this attack, where the victim is a widely distributed and highly computerized major publisher.

Data breach

Many major ransomware groups currently threaten to release stolen data in order to gain more leverage and demand larger ransoms from their victims. Since this media company has more than 3 million subscribers, the information stolen by the attackers may be very valuable.

Since it is not clear what type of ransomware was used in this attack, it is not yet possible to determine whether any data was leaked during the attack. If Funke Media Group refuses to pay the ransom, will the attacker go on to release any relevant data? We will continue to follow up on this incident.

Hope everyone pays attention to safety!

