Cuba ransomware claims responsibility for the cyberattack on The Philadelphia Inquirer

The Cuba ransomware gang has claimed responsibility for the recent cyberattack on Philadelphia’s largest newspaper, The Philadelphia Inquirer, which temporarily disrupted the newspaper’s distribution and some business operations.

 

In a post published on their extortion site, the Cuba ransomware gang declared that it stole files from the newspaper’s computers on May 12. The stolen data, now publicly released on Cuba’s extortion portal, includes financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, and source code.

 

The US third-longest continuously operating daily newspaper disclosed on May 14 that it had suffered a cyberattack, forcing its IT team to take computer systems offline to prevent the attack’s spread. The attack disrupted the publication of the Sunday print newspaper. Home-delivery subscribers received an early edition on Friday and were encouraged to read the latest news on the newspaper’s website (inquirer.com), which remained unaffected.

 

The fact that all stolen files were made available for free suggests that the newspaper refused to pay a ransom. The newspaper is currently working with forensics experts from Kroll to investigate the cyber incident.

 

According to the FBI, the Cuba ransomware gang made $60 million from 100 attacks as of August 2022. The ransomware gang is linked to attacks on Ukrainian government agencies. A January 2023 Microsoft report indicates that the Cuba ransomware members exploit Microsoft Exchange vulnerabilities for initial access to corporate networks.