KQED, a TV and radio station in San Francisco, is an example of how badly any organization can suffer when ransomware hits its network. KQED has been trying to recover from the damage of a massive ransomware attack for more than a month.

The San Francisco Chronicle reported that the station was hit by a massive ransomware attack on June 15. The attack was so severe that the station has been “bombed back to 20 years ago, technology-wise”, according to one of KQED’s senior editors, Queena Kim.

During the attack, the hard drives of the station’s computer systems were locked, its internal email server went offline, and pre-recorded segments were totally wiped out. The station’s online broadcast remained offline for over 12 hours, and the official Wi-Fi connection was also offline for many days.

Experts believe that this attack was not Petya, a disk wiper that damaged organizations across Europe, including high-profile firms FedEx and Maersk. FedEx says that the Petya malware attacks that infected systems at its TNT unit, which operates in the European Union, will have a negative material impact. FedEx said that it may not be able to recover all affected systems. The company did not have cyber insurance.

Attackers demanded an insane 1.7 Bitcoin (approx. $3,637) per encrypted file, and there were tens of thousands of encrypted files. The ransom amount was way higher than the station’s annual revenue of $71.6 million. The station was unable to pay such a hefty sum for the data, so it basically had to recreate its network from scratch. Here is a link to a TV clip with the story: https://youtu.be/4XnABb0aGRo

Not sure yet how the bad guys got in. Phishing is suspected.

Source: KnowBe4 Blog