[BreachExchange] Radio station WMNF victim of ransomware cyberattack

Destry Winant destry at riskbasedsecurity.com
Fri Jul 19 09:31:20 EDT 2019


https://www.tampabay.com/breaking-news/radio-station-wmnf-victim-of-ransomware-cyberattack-20190717/

Tampa-based community radio station WMNF 88.5-FM is stepping up
cybersecurity after its computer systems were hobbled by
ransom-seeking hackers last month.

Interim general manager Cindy Reichard said the ordeal began June 18
when a programmer noticed a computer in one of the studios was acting
strangely.

The station then received a digital message: Your files have been
encrypted. Pay us, and you can have them back.

It’s known as a ransomware attack, a common form of cyber crime where
hackers install malicious code rendering a victim’s data useless until
they pay for a digital key to decrypt it.

The station did not pay the ransom, and instead reported the attack to
the Florida Department of Law Enforcement.

“FDLE told us that a lot of times you pay and you still don’t get your
data back anyway,” Reichard said.

The hack did not affect any sensitive data, such as donor information,
payroll or any financial documents, Reichard said.

The ransomware did infect a new AudioVault system where the station’s
audio archives were stored, along with pre-recorded promos played
between songs and other audio files. The promos were being recreated
on CD, and in the meantime hosts could resort to reading them live.

Archived episodes of the station’s news and public affairs programming
may be lost permanently.

The station has sent the affected server off to a local data recovery
company to see what, if anything, can be salvaged.

The ransomware also took down the station’s live HD broadcasts. Those
signals have instead been broadcasting pre-recorded shows. Those with
radios that display what song is playing may have noticed their
screens stuck reading "Derek and the Dominos" when tuning in to WMNF
since June.

Otherwise, listeners would not have heard anything unusual, though the
attack has caused small difficulties behind the scenes. The lost files
include all of the blank forms the station uses for various office
purposes.

Reichard was unsure how much money the hackers demanded.

“It depends, because you have to tell them which files you want to get
back,” she said, but the station ultimately chose not to engage at
all.

Reichard said investigators told her the ransomware could have
originated in Russia.

“We don’t really know for sure, other than it came through the
AudioVault,” she said. “It could have been sitting in a file for a
long time and someone did something that triggered it. Or it could
have come in with some music we downloaded.”

She estimated the situation will cost WMNF $5,000, and possibly more,
between the data recovery work and the upgrades to security.

Ransomware in recent years has affected individuals, businesses and
municipalities. Major cities such as Baltimore and Atlanta fell victim
in 2018. In Florida, Riviera Beach and Lake City were so crippled by
recent attacks they paid more than $1 million in combined ransom.

Public radio stations have been targeted. In 2017, San Francisco NPR
station KQED was hobbled for months by an attack that forced one of
the nation’s largest public media companies to shut down its entire
computer network to prevent the ransomware from spreading.

An FBI guidance document says the U.S. government “does not encourage
paying a ransom to criminal actors,” because it could “inadvertently
encourage this criminal business model.”

