Malaysia’s largest media company allegedly suffered a ransomware attack that affected its ability to use its in-house email system.
Anonymous sources told The Edge Financial Daily that ransomware attackers struck Media Prima Berhad, a media giant which operates businesses in television, print, radio, out-of-home advertising, content and digital media. According to those unnamed individuals, bad actors infected the company’s email system with an unknown strain of ransomware on 8 November. They then demanded a ransom payment of 1,000 bitcoins in exchange for the decryption key.
At the time of this writing, a Bitcoin was worth $5,541.37. The attackers therefore allegedly demanded $5,541,370 for Media Prima Berhad to regain access to its email system.
If real, this amount wouldn’t be the highest demand ever placed by ransomware attackers. For instance, a report obtained by The Atlanta Journal-Constitution and Channel 2 Action News estimated that the City of Atlanta might end up paying a total of $17 million to clean up a SamSam infection. That attack affected 424 of the City’s essential applications and wiped out years of dashcam footage generated by the Atlanta Police Department.
Media Prima Berhad declined to confirm or deny that it had suffered a ransom attack.
Currently, the full extent of the alleged ransomware attack is unknown. One source told The Edge Financial Daily that “the whole Media Prima group’s computer systems have been breached and infected with ransomware….” But another source said the supposed infection was much more limited in scope:
Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying.
This alleged attack highlights the importance of organizations in the media industry and other sectors taking steps to prevent a ransomware infection. Both patching and employee awareness training can go a long way toward preventing a successful attack. Additional best practices can be found here.