Lapsus$ Ransomware is a new and emerging ransomware group that has successfully attacked major conglomerates and their latest victim is Samsung. Like most ransomware groups, Lapsus$ also infiltrates organizations with a phishing attack. From there on, they exploit vulnerabilities like privilege escalation to get hold of administrative rights and blatantly display their abilities.
Lapsus$ claims to have stolen data from Samsung. They announced their telegram channel and also shared screenshots of the data. Stolen data contains confidential Samsung source code, including:
“There was a security breach relating to certain internal company data,” Samsung told Bloomberg. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”