Ransomware attack knocks TV station off air

ABC News 24 said that programming was affected due to the incident

tv satellite dish
Credit: Thinkstock

On Monday, The ABC had to suspend programming out of Sydney, Australia and move broadcasting to Melbourne after their network was targeted by Ransomware. The malware prevented normal operations, resulting in ABC News 24 going off air for just over 30 minutes.

In a statement, ABC said:

"There was an IT security issue this morning which affected some of the ABC's broadcasting systems and created technical difficulties for ABC News 24. As a result we broadcast stand-by programming from 9.30am before resuming live news broadcasts from Melbourne at 10am. We are now operating normally."

The CryptoLocker-like malware was delivered to other public institutions outside of the news agency, including Telstra and Energy Australia. Staffers at ABC were Phished by fake Australia Post emails reporting a failed delivery. The Phishing emails themselves are rather simple in nature, but effective nevertheless, given that programming was suspended while IT responded to the attack.

According to the Australia Post, the Australian Communications and Media Authority had warned them of new Phishing sites operating out of Russia. It's been suggested that these domains were responsible for the attacks against The ABC, as well as other organizations within the country.

It isn't known what family of Ransomware is being used in the Australian Post scam, but the odds are good that it's CryptoWall.

Last month, researchers from Barracuda Networks found new CryptoWall samples, digitally signed with legitimate certificates issued by Comodo.

In their report, Barracuda said that several websites were targeted by the new CryptoWall variants, including the Hindustan Times; Israeli sports news site one.co.il; and codingforums.com.

Since it emerged on the Web in late 2013, CryptoWall has been called "the largest and most destructive ransomware threat on the Internet."

There's a good reason for such claims. Prior to the new developments on CryptoWall, researchers from the Counter Threat Unit (CTU) at Dell SecureWorks said that the malware had infected more than 600,000 systems in the first half of 2014, holding some 5 billion files hostage.

Such a reach means that the gang behind the Ransomware campaign earned upwards of $1 million.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.