[BreachExchange] Media Comms Giant Says Ransomware Hit Will Cost Millions

Wed Nov 4 10:47:24 EST 2020

https://threatpost.com/media-comms-giant-ransomware-cost-millions/160904/

Aussie firm Isentia said “remediation and foregone revenue” could
total $8.5 million AUS or more.

Media communications giant Isentia is reporting that its coffers will
be emptied of as much as $6 million ($8.5 million AUS) in the wake of
a ransomware attack last week.

The company is a media-intelligence and data-analytics firm
headquartered in Australia, with a presence throughout Southeast Asia.
It’s known for its Mediaportal platform, which aggregates news about
customers’ brands and is used by public relations and marketing teams
globally. According to its website, customers include a variety of
major clients, including the Australian government, Singtel, Samsung
and the Walt Disney Corp.

Isentia said that remediation costs and lost business stemming from
its systems being locked up by the attack will create a big hit to its
bottom line for fiscal year 2021, with an estimate that this will
total $7 million to $8.5 million AUS.

CEO Ed Harrison however said that “it is difficult to fully assess the
impact on our FY21 pre-tax earnings” given that the estimate is based
on an ongoing assessment of the incident – so the amount could be
revised upward.

In a statement issued on Tuesday (obtained by Bitdefender), the firm
also said that the attack happened as the company was transitioning to
a new debt facility with the Commonwealth Bank of Australia (CBA),
meaning that the timeline for the drawdown of the CBA facility has
been elongated – potentially also affecting its earnings results.

The ransomware attack happened on Oct. 27, after which the Mediaportal
was downed, both for customers and staff. Workers resorted to
preparing media reports manually, according to reports. The company
and the Australian Cybersecurity Centre both quickly confirmed the
attack.

“The impact of Isentia, a media-monitoring firm, being hit by a
cyberattack demonstrates the interconnected world of national
cyber-defense,” said Steve Forbes, government cybersecurity expert at
Nominet, via email. “While a media-monitoring firm wouldn’t typically
be considered part of critical infrastructure, its work with many
government departments and large organizations – such as the
Australian Stock Exchange – [was] put on hold due to the cyberattack.”

In Tuesday’s notice, it said that Mediaportal has been restored, while
other IT systems are still inaccessible. “Key elements of our
services” are being restored each day, according to Harrison, and the
company is “making good progress.

There’s no word on which ransomware was behind the attack, or what the
initial infection vector was.

“This incident also reminds us of the importance of vetting third
parties in terms of their cyber resilience,” Forbes said. “While the
full details of this particular security breach are yet to emerge,
best practice advice is to ensure third parties have at least similar
practices and procedures as your own to keep sensitive data safe.”

The news comes as ransomware attacks continue to crest, particularly
in attacks against hospitals, and helped along by tools like an
exploit for the Zerologon bug.

In a warning last week, the Cybersecurity and Infrastructure Security
Agency (CISA) said it was tracking mass ransomware activity, as well
as the use of the malware Trickbot against healthcare facilities.