After hacker attack: ransom demand on the NZZ media

The NZZ is being blackmailed. A ransom demand is said to have appeared in the anonymous part of the Internet, the so-called Darknet: hackers are demanding money for data that is said to have been leaked when the media company’s systems were broken into. Also the publisher CH Media, which partly uses the same IT infrastructure as the NZZwas affected.

After the attack, which became known on March 24, both press houses had problems in their production processes. The sizes of some of the editions – according to the publisher, two of the NZZ and one of the NZZ on Sunday – had to be reduced, there were also problems with the e-paper: articles could not be clicked on individually, if you wanted to take out a subscription, a window opened that pointed to “maintenance work”. In the case of the CH Media titles, at times only summarized editions of the regional sections could be printed. In the meantime, the damage to the systems has been repaired. The NZZ announces: “The newspaper production of the NZZ is ensured. All customer-critical systems are available.”

The Swiss news agency SDA-Keystone first reported on the ransom demand that had now surfaced. The hacker group “Play”, which has identified itself as the perpetrator, claims to have stolen “private and personal confidential data, projects, payroll, employee information and more”. The criminals threaten to publish them if their demands are not accepted. The NZZ does not comment on the claim for an unknown amount. Regarding the question of which data is affected, she states that this is “the subject of ongoing investigations. We are currently analyzing the incident with the authorities, the police and cyber security experts”. Due to the “rolling development” no further information can be given at the moment.

The online magazine Inside IT CH Media said that “only a very small data outflow is currently known”, “although the analysis work is still ongoing”. After the attack was discovered, the authorities were called in immediately. The hackers have given the media companies a deadline of April 24th.

source site