U.S. Radio and TV Station Still Reeling From Ransomware Attack One Month Later

A ransomware attack can have a long-lasting effect on any individual or company. KQED, a U.S.-based public radio and TV station, suffered a ransomware attack about a month ago. To this day, the group is still trying to fully recover from the aftereffects. KQED was not entirely prepared for this, especially when considering that the attack took its radio stream offline for 12 hours.

Never Underestimate Ransomware Attacks

The people who work for KQED will never look at a ransomware attack in the same manner. The group was not prepared to deal with a major cyber attack. Considering how this ransomware attack took place back on June 15th, one would expect the company to be fully back up and running once again. However, they are still reeling in the aftershock of the attack.

What made this particular attack so troublesome is how quickly it spread to other computers connected on the same network. It even took the live radio stream offline for half a day, which is disastrous for any public radio and TV station. The San Francisco-based station alerted the FBI of the cyber attack the same day, and after a thorough investigation, an unknown type of ransomware was identified as the main culprit.

At the time of the attack, KQED was asked to pay a 1.7 Bitcoin ransom to receive the decryption key for this malware. This amount of money was never paid, which was a smart decision. There is no reason to pay ransom during a cyber attack, as the developers cannot guarantee that they will allow victims to decrypt their files. There have been multiple incidents during which victims have paid a ransom and never received the decryption key in the end.

What makes this incident noteworthy is that KQED is still recovering from this cyber attack an entire month after the fact. All of the affected computers had to be wiped clean, meaning that some data may have been lost in the process. Not all of the affected computers are in operation right now, as some devices still suffer from the attack. Whether or not this is due to IT staffers being unsure what to do or the ransomware being particularly nasty remains to be seen.

The U.S. radio and TV station was forced to shut down their wireless network for several days. Their email server was offline for nearly a full two weeks. Broadcasts had to be moved and recorded at a different studio while all of these issues were being resolved. To make matters worse, new employees were unable to start their jobs because new access cards could not be issued. In all, this ransomware attack was one of the most severe we have seen to date.

Even today, the station has no idea how they got infected with ransomware in the first place. It appears that June 15th of 2017 was a notorious day for ransomware attacks, with various universities suffering from similar attacks. It is possible that all of these incidents were a direct result of the same ransomware being used, but that has not been officially confirmed. This is surely not the last time we will see such cyber attacks cripple radio and TV stations.