Cyber Incident Victim: Artear
Date:
May 2022
Location:
Argentina
Summary
Artear, the parent company of Canal 13 and TN, experienced a ransomware attack compromising its internal data networks and systems. Cybercriminals encrypted servers but had not issued a ransom demand at the time of reporting, though such a demand was anticipated based on typical ransomware tactics. The attack disrupted technical operations and internal tools for employees, causing workflow anomalies, but did not interrupt television broadcasts or digital platform services. A dedicated cybersecurity team worked to restore affected systems while investigating the incident's origin. The intrusion highlights broader ransomware trends targeting corporate entities to extort payments, though Artear maintained core operational continuity despite the sabotage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around May 1, 2022, Artear—the parent company of Canal 13, TN, and other television channels under Grupo Clarín—experienced a ransomware attack. Cybercriminals infiltrated Artear’s servers during the early morning hours, deploying malicious software that encrypted portions of the company’s data infrastructure. The attack disrupted Artear’s internal data networks and operational systems, impacting technical staff and online platform employees who encountered anomalies in their tools. Despite the compromise, Artear confirmed the attack did not interrupt television broadcasts or affect digital platforms, ensuring continuous on-air programming. No ransom demand was communicated by the attackers at the time of Artear’s initial public statements, though company representatives acknowledged such demands often follow in similar incidents. The attackers’ methods aligned with typical ransomware operations, specifically "cryptoviral extortion," rendering data inaccessible through encryption. Artear characterized the event as sabotage and initiated an investigation into its origin while emphasizing that core broadcasting functions remained intact.
Artear mobilized a specialized cybersecurity team to restore affected systems and normalize services following the attack. The company issued a public communication via social media on June 1, 2022, reiterating that television signals and digital platforms operated without interruption despite the compromise of internal networks. Technical workflows for employees, particularly those managing online operations, faced disruptions due to encrypted systems and tool malfunctions. The incident reflected broader ransomware trends in Argentina, where major corporations like Mercado Libre, Globant, and Ingenio Ledesma had suffered similar attacks earlier in 2022. Artear’s response focused on forensic analysis to determine the attack’s source, with no disclosed evidence linking it to specific threat groups like Lockbit or Conti. The company did not report data exfiltration or public leaks resulting from the incident, distinguishing it from prior cyberattacks against Argentine state agencies such as the 2021 Renaper breach. Restoration efforts and internal investigations remained ongoing as of the last available update from Artear.