Cybercrime , Fraud Management & Cybercrime , Ransomware

French Broadcaster M6 Recovering From Ransomware Attack

Television and Radio Stations Continued to Operate Without Interruption
French Broadcaster M6 Recovering From Ransomware Attack

The M6 Group, France's largest media holding company, is continuing to recover from a ransomware attack that reportedly crippled some of its internal systems, although its radio and television stations continued to operate without interruption.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

M6 Group confirmed in a tweet that it sustained a ransomware attack on Saturday morning. Fast action by the company's cybersecurity team enabled the television and radio stations to keep broadcasting, the company said.

French newspaper L'Express reported that the attack led to a significant disruption of the company’s systems, with several files encrypted. The company is continuing to recover, the newspaper reported.

M6 Group did not disclose the identity of the threat actor or if any ransom was paid.

A company spokesperson told L'Express that the attack affected the firm's antenna and newscast system. The attack also disabled M6 Group’s internal landline and email connection, hindering communication among employees, L'Express reports.

In a similar incident, the U.S-based Weather Channel was attacked with malware in April and forced off the air for about 90 minutes. Although never confirmed, it appears that attackers hit the channel with ransomware (see: Today's Forecast: Cloudy With a Chance of Malware).

Other Media Attacks

Back in 2015, Fancy Bear, the Russian hacking group, targeted French broadcaster TV5Monde (see: French Officials Detail 'Fancy Bear' Hack of TV5Monde ).

The attack affected TV5Monde's IT systems, forcing 12 TV stations to go dark. The attack also hijacked its social media channels to spread jihadist propaganda messages, the company said.

According to an investigation launched by ANSSI, France's national cybersecurity agency, the attackers took advantage of the broadcaster's Active Directory system and created their own admin-level credentials that allowed them to gain access to routers, switchers and other parts of the internal network.

Ransomware Returns

France only accounts for a small number of ransomware incidents around the world, according to an analysis released Tuesday by security firm Emsisoft. Researchers studied data related to ransomware attacks between April 1 and Sept. 30, and found that France accounted for only about 5 percent of all these incidents worldwide.

Indonesia, India, the U.S., Brazil, South Korea and Egypt are much larger targets for ransomware attacks, according to the report (see: Ransomware Attacks: STOP, Dharma, Phobos Dominate).

In an earlier report, Emsisoft noted that more than 600 ransomware attacks targeted local governments, school districts and healthcare providers across the U.S. in the first three quarters of this year (see: Just How Widespread Is Ransomware Epidemic? ).

Around the same time, the FBI's Internet Crime Complaint Center issued a warning about ransomware and requested affected organizations to contact law enforcement agencies before paying a ransom.

On Monday, U.S. mailing equipment manufacturer Pitney Bowes revealed that it was hit by file-encrypting malware, disrupting customers' ability to use many services. But the firm says that no client data appears to have been compromised (see: Pitney Bowes Says Ransomware Behind System Outages).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.