The media and entertainment industry spans a diverse range of businesses from newspaper publishers to television broadcasters. Common to most business models within media and entertainment is a high susceptibility to ransomware attacks.
Whether by disrupting important customer-facing services or blocking access to important data, threat actors believe ransomware can result in large payouts in the media and entertainment sector. This belief rests on the assumption that companies will pay up to avoid reputational damage or a data leak. This article looks at the state of ransomware in media and entertainment and highlights some recent attacks.
Ransomware in Media and Entertainment: Overview
In the United States, the media and entertainment industry is worth $717 billion. A 2018 survey found that 51 percent of media and entertainment companies experienced three or more cyber attacks over a 12-month period. It is clear that companies in the sector are in the sights of prying hackers looking for the next big payday.
The current wave of double extortion attacks puts businesses within media and entertainment at risk. These attacks exfiltrate a company’s prized data before encrypting systems. The perpetrators threaten to release the data on the dark web if the victim company doesn’t pay the demanded ransom.
Consider the fact that the average cost to produce a major movie is $65 million. Threat actors know that movie studios (and most other media and entertainment businesses) prize their content above all else. Competent hackers can target the digital infrastructure of a movie studio and access files for an upcoming movie in a ransomware attack. Having a movie published on the dark web in advance of its release date would be a disaster, so most studios would be willing to engage with ransom demands in this scenario.
If content is the prized asset in media and entertainment, there are other ways to disrupt it aside from exfiltrating files. For example, a successful ransomware attack can cause an operational outage that prevents television stations from broadcasting or newspaper publishers from publishing. The risks are clear and the volume of attacks continues to rise.
Ransomware Incidents in Media and Entertainment
Cox Media, June 2021
Cox Media Group broadcasts to radio and television stations affiliated with major US networks, including CBS, NBC, and Fox. In June 2021, a ransomware attack disrupted broadcasting at several Cox Media stations. Details quickly emerged that this attack directly targeted Cox Media live streams and didn’t impact any other aspect of the company’s digital infrastructure.
The interconnected nature of media and entertainment meant that other companies broadcasting Cox Media stations were impacted by this attack. Hulu, the popular streaming provider, faced complaints from disgruntled customers on Twitter about unavailable television streams. Interestingly, Cox Media Group opted to remain quiet about any specific details of this attack, so it remains unknown who the perpetrators were and whether any ransom was paid.
Nine Network, Australia March 2021
Nine Network is one of the five main free-to-air television networks in Australia. In March 2021, a cyber attack targeted the availability of Channel Nine, which has the highest share of television ratings in Australia. The attack disrupted live broadcasts of Channel Nine and impacted its online news website.
Nine Network’s parent company also owns The Sydney Morning Herald and The Age newspapers, but it appears neither of these business lines was impacted. Popular Australian breakfast television show Weekend Today could not air because of the attack. An official company statement said the disruption primarily affected the broadcasting and corporate units of the business.
As with the Cox Media Group incident, scant details have emerged of the ransomware variant, any ransom demand, or the group behind the attack.
CD Projekt Red, February 2021
CD Projekt Red is a Polish video game developer best known for creating The Witcher and Cyberpunk 2077 video games. A Tweet posted by the company in February 2021 confirmed that CD Projekt Red became the latest victim of a ransomware attack in the media and entertainment industry. Accompanying the tweet was a ransom note indicating that the threat actors had compromised the source code of the hugely popular Cyberpunk 2077 game and of an unreleased version of The Witcher 3.
Aside from accessing sensitive source code, the hackers also managed to encrypt servers belonging to CD Projekt Red. In an official company statement attached to the original Tweet, CD Projekt Red said that its backups remained intact and that it was in the process of restoring its data while securing infrastructure.
CD Projekt Red specifically mentioned it was unwilling to engage with any ransom demands due to the likelihood of sensitive data being published regardless of whether they paid up. This prediction came true when it was revealed that hackers began publishing sensitive information about employees and contractors four months after the attack.
Funke Media Group, December 2020
Funke Media Group is the third-largest newspaper and magazine publisher in Germany. In December 2020, a ransomware attack halted publishing at Funke’s major printing houses, resulting in an inability to publish print editions of several of its popular daily newspapers. Containing the incident required switching off all production systems and technologies for newspaper printing to prevent further damage.
This was a large-scale ransomware incident that encrypted up to 6,000 employee laptops and other endpoints. The recovery operation involved wiping the laptops clean, re-installing the operating system and apps, and returning them to employees. As with other attacks targeting media and entertainment companies in recent times, it’s unclear who the perpetrators were.
Thwarting Ransomware Attacks in Media and Entertainment
From operational disruptions to stealing sensitive data, the recent ransomware attacks in the media and entertainment industry highlight the risks for all businesses in this industry. Stopping ransomware in its tracks helps to avoid costly recovery and containment measures in addition to the types of severe operational disruptions that hit Channel Nine, Funke Group, and Cox Media. Here are some actions media and entertainment companies can take today to thwart ransomware attacks.
Use Anti-Phishing Defenses
Phishing campaigns are a popular vector for threat actors to gain access to a company’s IT infrastructure. By impersonating trusted individuals, hackers can target employees with phony emails or social media messages that get them to disclose passwords or to download malware. Media and entertainment employees often interact heavily with social media, which is becoming a more widespread medium for phishing campaigns.
Anti-phishing defenses can include the use of advanced self-learning email filters that block, flag, or quarantine suspicious emails so that they don’t reach target employees. Another anti-phishing defense is to conduct simulated phishing tests to help employees get better at recognizing phishing attacks. Simulated phishing may be particularly helpful for social media phishing.
Large numbers of employees play a part in producing any movie or television show, running a live broadcast, developing video games, and printing newspapers. Since content is the most valuable asset in this industry, the intersection between large numbers of employees and sensitive content requires strong access management. Media and entertainment companies must implement identity and access management best practices, including privileged access management, least privilege access, multifactor authentication, and access lifecycle management.
Leverage Artificial Intelligence
Artificial intelligence continues to evolve and play an increasingly important role in cybersecurity. AI can be used within several types of cybersecurity tools to detect and prevent ransomware. From email filters that leverage machine learning to intelligent user monitoring, AI can help to thwart ransomware before the dreaded encryption or data exfiltration events that cause the bulk of the damage from these attacks.
If there is one overarching message from this article, it’s that media and entertainment companies need to treat ransomware as a high-risk incident that they are exposed to at all times. Recovery can be incredibly painful, so it’s best to get in place the right mindset, tools, and processes to prevent ransomware before it can cause damage.