French Broadcaster M6 Recovering From Ransomware AttackTelevision and Radio Stations Continued to Operate Without Interruption
The M6 Group, France's largest media holding company, is continuing to recover from a ransomware attack that reportedly crippled some of its internal systems, although its radio and television stations continued to operate without interruption.
See Also: How to Defend Your Attack Surface
M6 Group confirmed in a tweet that it sustained a ransomware attack on Saturday morning. Fast action by the company's cybersecurity team enabled the television and radio stations to keep broadcasting, the company said.
Le Groupe M6 a été la cible samedi matin d'une attaque informatique malveillante. L'intervention rapide et efficace de nos experts en cybersécurité a permis de continuer à assurer la bonne diffusion des programmes sur l'ensemble de nos antennes TV et radio.— Groupe M6 (@M6Groupe) October 13, 2019
French newspaper L'Express reported that the attack led to a significant disruption of the company's systems, with several files encrypted. The company is continuing to recover, the newspaper reported.
M6 Group did not disclose the identity of the threat actor or if any ransom was paid.
A company spokesperson told L'Express that the attack affected the firm's antenna and newscast system. The attack also disabled M6 Group's internal landline and email connection, hindering communication among employees, L'Express reports.
In a similar incident, the U.S-based Weather Channel was attacked with malware in April and forced off the air for about 90 minutes. Although never confirmed, it appears that attackers hit the channel with ransomware (see: Today's Forecast: Cloudy With a Chance of Malware).
Other Media Attacks
Back in 2015, Fancy Bear, the Russian hacking group, targeted French broadcaster TV5Monde (see: French Officials Detail 'Fancy Bear' Hack of TV5Monde ).
The attack affected TV5Monde's IT systems, forcing 12 TV stations to go dark. The attack also hijacked its social media channels to spread jihadist propaganda messages, the company said.
According to an investigation launched by ANSSI, France's national cybersecurity agency, the attackers took advantage of the broadcaster's Active Directory system and created their own admin-level credentials that allowed them to gain access to routers, switchers and other parts of the internal network.
France only accounts for a small number of ransomware incidents around the world, according to an analysis released Tuesday by security firm Emsisoft. Researchers studied data related to ransomware attacks between April 1 and Sept. 30, and found that France accounted for only about 5 percent of all these incidents worldwide.
Indonesia, India, the U.S., Brazil, South Korea and Egypt are much larger targets for ransomware attacks, according to the report (see: Ransomware Attacks: STOP, Dharma, Phobos Dominate).
In an earlier report, Emsisoft noted that more than 600 ransomware attacks targeted local governments, school districts and healthcare providers across the U.S. in the first three quarters of this year (see: Just How Widespread Is Ransomware Epidemic? ).
On Monday, U.S. mailing equipment manufacturer Pitney Bowes revealed that it was hit by file-encrypting malware, disrupting customers' ability to use many services. But the firm says that no client data appears to have been compromised (see: Pitney Bowes Says Ransomware Behind System Outages).