Internet-connected devices are all the rage among businesses and corporations. However, organizations continue to ignore the far-reaching drawbacks of connecting every system and machine to the Internet.
KQED, a prominent public TV and radio station in San Francisco, is an example of how badly a corporation suffers when ransomware hits these internet-linked devices. KQED has been trying to recover from the damage of a huge ransomware attack for over a month, but many of its systems are still not responding.
The San Francisco Chronicle reported that the station was hit by a massive ransomware attack on June 15. The attack and the damage it caused were so severe that the station has been “bombed back to 20 years ago, technology-wise,” according to KQED senior editor Queena Kim.
That is because, after the attack, the hard drives of the station’s computer systems were locked, its internal email server went offline, and pre-recorded segments were completely wiped out. The station’s online broadcast remained offline for over 12 hours, and the official Wi-Fi connection was also down for many days.
However, the station’s FM broadcast was not interrupted. Because the damage has not yet been reversed, the station is operating by manually printing and distributing scripts, while broadcasters are using stopwatches instead of the content management system to generate timestamps. Furthermore, the station’s technical support staff disconnected all devices, tools, and machinery connected to the internet to contain the infection.
Experts believe that this attack cannot be linked with Petya, a cyber-sabotage tool that has been attacking corporate entities across Europe, including high-profile firms FedEx and Maersk. FedEx said earlier that the company is still suffering from the aftermath of the Petya attack, which might cause permanent damage to its key systems.
However, the ransomware that attacked KQED proved incredibly devastating for the station, since the attackers demanded thousands of dollars for returning a single encrypted file, bringing the total cost of decryption to millions of dollars.
The attackers demanded 1.7 Bitcoin (approx. $3,637) per encrypted file, and there were tens of thousands of encrypted files. The ransom amount was far higher than the station’s annual revenue of $71.6 million. The station was unable to pay such a hefty sum for the data, and hence it turned to its technical support staff to resolve the issue.
The whole experience has been a challenging one for KQED. According to its executive editor Holly Kernan, it was an “astonishing” experience that showed them the kind of changes required to “make going forward” easier. Kernan stated that they had learned a lot from this attack, such as the need to have “separate networks in different parts of the organization so that we’re all working in a more secure environment.”
It is indeed upsetting that, despite having the latest technology, an up-to-date antivirus system, updated firewalls, a number of reliable malware detection programs, and email scanning software in place, the station could not thwart the attack.
This means malware developers are well aware of the currently available tools and software that could help contain ransomware attacks, and that is why they are coming up with bigger and more dangerous software to attack organizations and mint money.
The attack has been reported to the FBI, and the station is busy rebuilding the lost systems and making its network secure enough to avoid future malware attacks. However, the FBI has a history of encouraging victims to pay the ransom, so one should not expect much from the investigation.