[BreachExchange] French Broadcaster M6 Recovering From Ransomware Attack

Destry Winant destry at riskbasedsecurity.com
Thu Oct 17 00:51:10 EDT 2019


https://www.databreachtoday.com/french-broadcaster-m6-recovering-from-ransomware-attack-a-13262

The M6 Group, France's largest media holding company, is continuing to
recover from a ransomware attack that reportedly crippled some of its
internal systems, although its radio and television stations continued
to operate without interruption.

M6 Group confirmed in a tweet that it sustained a ransomware attack on
Saturday morning. Fast action by the company's cybersecurity team
enabled the television and radio stations to keep broadcasting, the
company said.


French newspaper L'Express reported that the attack led to a
significant disruption of the company's systems, with several files
encrypted. The company is continuing to recover, the newspaper
reported.

M6 Group did not disclose the identity of the threat actor or whether
any ransom was paid.

A company spokesperson told L'Express that the attack affected the
firm's antenna and newscast system. The attack also disabled M6
Group's internal landline and email connection, hindering
communication among employees, L'Express reports.

In a similar incident, the U.S.-based Weather Channel was attacked with
malware in April and forced off the air for about 90 minutes. Although
never confirmed, it appears that attackers hit the channel with
ransomware (see: Today's Forecast: Cloudy With a Chance of Malware).

Other Media Attacks

Back in 2015, Fancy Bear, the Russian hacking group, targeted French
broadcaster TV5Monde (see: French Officials Detail 'Fancy Bear' Hack
of TV5Monde).

The attack affected TV5Monde's IT systems, forcing 12 TV stations to
go dark. The attack also hijacked its social media channels to spread
jihadist propaganda messages, the company said.

According to an investigation launched by ANSSI, France's national
cybersecurity agency, the attackers took advantage of the
broadcaster's Active Directory system and created their own
admin-level credentials that allowed them to gain access to routers,
switchers and other parts of the internal network.

Ransomware Returns

France only accounts for a small number of ransomware incidents around
the world, according to an analysis released Tuesday by security firm
Emsisoft. Researchers studied data related to ransomware attacks
between April 1 and Sept. 30, and found that France accounted for only
about 5 percent of all these incidents worldwide.

Indonesia, India, the U.S., Brazil, South Korea and Egypt are much
larger targets for ransomware attacks, according to the report (see:
Ransomware Attacks: STOP, Dharma, Phobos Dominate).

In an earlier report, Emsisoft noted that more than 600 ransomware
attacks targeted local governments, school districts and healthcare
providers across the U.S. in the first three quarters of this year
(see: Just How Widespread Is Ransomware Epidemic?).

Around the same time, the FBI's Internet Crime Complaint Center issued
a warning about ransomware and asked affected organizations to
contact law enforcement agencies before paying a ransom.

On Monday, U.S. mailing equipment manufacturer Pitney Bowes revealed
that it was hit by file-encrypting malware, disrupting customers'
ability to use many services. But the firm says that no client data
appears to have been compromised (see: Pitney Bowes Says Ransomware
Behind System Outages).

