
Entercom hit with a security breach

https://radioinsight.com/headlines/180430/entercoms-ransomware-attack-what-we-know-as-of-now/

The most talked about topic of the past 48 hours has been something that nobody is allowed to talk about.

Over the weekend Entercom’s internal networks were hit with a ransomware attack making it the third national radio group to be hit this year following Townsquare Media and Radio One along with many other smaller operators including WMNF Tampa, Max Media Marion/Carbondale IL and others.

While nobody at the company will go on the record, we have verified from multiple sources that the Entercom systems were compromised through what is believed to be from an affected music scheduling program which spread through their shared internal systems to bring down other services including shared network drives, production, billing, traffic as well as all e-mail accounts. Thankfully playout systems were locked down allowing stations to continue broadcasting. Many stations are currently doing music logs by hand and are utilizing previously uploaded traffic logs or no commercials are running.

Security breach under investigation as of this posting.
 
Makes me wonder even if Entercom paid the ransom in full if the attack would be lifted. Also wonder if there is any way this attack could shut down their satellite systems possibly if they were able to get passwords and what not.

The general view from all experts on this subject is there is no upside to paying the ransom.

What "satellite systems" are you talking about?
 
Makes me wonder even if Entercom paid the ransom in full if the attack would be lifted. Also wonder if there is any way this attack could shut down their satellite systems possibly if they were able to get passwords and what not.

Satellite? Most radio material is delivered over the Internet now, particularly in the affected areas like music scheduling, email, HR materials, conferencing, traffic (commercial log, not "honk honk" traffic), billing, order entry, music curation.
 
I've noted a lot of station groups being targeted recently, many times successfully, by ransomware attacks. Townsquare Media a larger, more impacted example.

Over the past couple years I've visited some larger stations that are part of some of the larger groups. During a conversation with one particular GM, I brought up the influx of ransomware attacks on broadcast stations and groups. His response amounted to: Oh I'm sure our engineers or IT folks are aware and careful to protect our operations. During my tour, it was obvious pretty quickly that they were in fact paying little, or no attention to network or IT security. It seems like many traditional engineering departments that have converted their operations to IT-based, haven't paid much attention to the security aspects of setting up their network, nor had developed security-based workflows to prevent IT-related bad things from occurring. Most turn a blind eye to the problem because it hasn't happened to them...yet.

Some of the security measures aren't that complicated nor expensive to implement, but are brushed-off because it involves doing things like disabling the USB ports on office workstations. Most engineers are against doing so, because much of the workflow involves bringing in audio (or audio/video) via portable USB drives. Of course, the staffer always plugs that drive into their PC while at home before bringing the potentially infected drive to work.
 
I agree, Kelly. The thing that really grinds on me is the national nature of both Townsquare and Entercom's problems.

At least Entercom was smart enough to air gap the on-air systems, but that's not much good if traffic and music scheduling are unavailable for days at a time.
 
Over the past couple years I've visited some larger stations that are part of some of the larger groups. During a conversation with one particular GM, I brought up the influx of ransomware attacks on broadcast stations and groups. His response amounted to: Oh I'm sure our engineers or IT folks are aware and careful to protect our operations. During my tour, it was obvious pretty quickly that they were in fact paying little, or no attention to network or IT security. It seems like many traditional engineering departments that have converted their operations to IT-based, haven't paid much attention to the security aspects of setting up their network, nor had developed security-based workflows to prevent IT-related bad things from occurring. Most turn a blind eye to the problem because it hasn't happened to them...yet.

Some of the security measures aren't that complicated nor expensive to implement, but are brushed-off because it involves doing things like disabling the USB ports on office workstations. Most engineers are against doing so, because much of the workflow involves bringing in audio (or audio/video) via portable USB drives. Of course, the staffer always plugs that drive into their PC while at home before bringing the potentially infected drive to work.

As an IT guy (though not in radio), I get frustrated with both the sentiment that we obviously have everything under control and the one that everything is our fault. I know that comes with the job, but it’s still frustrating.

Truth is, aside from making sure all machines have the latest security updates, disconnecting those that don’t need it from the internet, monitoring network traffic, backing machines up often, and training employees, there’s not much we can do. There is no magic bullet to keep hackers out. You have to rely on your operating system to patch holes. You can’t patch most of them yourself. Backing machines up is helpful, but you have to be able to figure out where the problem happened so you restore to before the machine got hacked. Even if you disable the USB ports, someone with a little bit of tech savvy can get a file they need from the home computer to the work machine. It’s just not that hard.

The weakest link is always the employees. You have to make sure they’re trained and that you stay on top of the latest techniques the bad guys are using, but, after that, it’s out of your hands. If a virus or ransomware ends up on a machine on your network, it can easily perpetuate across everyone’s machine.

Virus scanners don’t really do that much good. All they do is check your files against a list of known bad guys. Once in a while, they help, but the problem is the bad guys we haven’t found out about yet.
 
The general view from all experts on this subject is there is no upside to paying the ransom.

I don't know that that is the "general view".

Many companies and municipalities have had to think this out, and many have paid the ransom.

Radio One said they didn't pay the ransom, but the cost to the company was more than the ransom amount.

Radio Insight says that Entercom is not paying the ransom, and that the costs to fix the attack will go well beyond the $500,000. “In its first-quarter earnings report, Radio One indicated that it cost that amount for that company to repair issues connected to its attack in addition to $500,000 to $800,000 in lost advertising revenue,” the publication said.

But if you pay the ransom, then you have to deal with the morality of it....and the thought of putting money into criminal hands.
 
I don't know that that is the "general view".

Many companies and municipalities have had to think this out, and many have paid the ransom.

Did it solve the problem? The "general view" is from experts who deal with this stuff, and they say you're welcome to pay the ransom, but don't expect the problem to go away.
 
Did it solve the problem?

In the cases I've heard....surprisingly, yes! Considering you are dealing with unethical criminals. ;-)

The "general view" is from experts who deal with this stuff, and they say you're welcome to pay the ransom, but don't expect the problem to go away.

I think the "general view" and prevailing thought might be better worded as: "There are no guarantees".

Many have known that, and chose to pay it anyway.
 
https://news.****************/artic...ffers-Severe-Damage-Across-its-Entire-Network

Here is an update on the Entercom security breach.

After days of returned email, RADIO ONLINE has learned that the computer systems at Entercom Communications have suffered a company-wide outage. In an internal memo obtained by R|O issued on Monday, Entercom says that last weekend it "suffered severe damage" across its entire network, in all offices across the country. It's not entirely clear if the damage was caused by a cyber attack or if it's other issues. Sources say it was a ransomware attack. "At this time we're still attempting to assess the full extent of the damage and where it originated," said the memo.
 
https://www.inquirer.com/business/entercom-radio-hack-ransomware-kyw-20190911.html

Apparently the people under investigation for the Entercom security breach demanded $500k

Entercom Communications Corp., the owner of KYW, WIP, WOGL, B101, and other Philadelphia stations, was hacked over the weekend, freezing its emails and causing computer systems to crash, according to published reports and sources.

The hackers — in what some call ransomware — have asked for $500,000, according to the reports.

Entercom, which owns 235 radio stations nationwide, did not respond to two emails on Wednesday.

“We are experiencing a disruption of some IT systems, including email,” the company told Chicago media blogger Robert Feder. “We apologize for any inconvenience and are working around the clock to resolve this issue.”

The online publication Radio Insight said that Entercom was the third national station group owner to be attacked with ransomware. The others were Townsquare Media and Radio One.

Radio Insight says that Entercom is not paying the ransom, and that the costs to fix the attack will go well beyond the $500,000. “In its first-quarter earnings report, Radio One indicated that it cost that amount for that company to repair issues connected to its attack in addition to $500,000 to $800,000 in lost advertising revenue,” the publication said.
 
Entercom Communications Corp. … was hacked over the weekend, freezing its emails and causing computer systems to crash, according to published reports and sources.

Entercom, which owns 235 radio stations nationwide, did not respond to two emails on Wednesday.

The reportage almost seems a bit ironic.
 
I don't know that that is the "general view".

Many companies and municipalities have had to think this out, and many have paid the ransom.

Radio One said they didn't pay the ransom, but the cost to the company was more than the ransom amount.

Radio Insight says that Entercom is not paying the ransom, and that the costs to fix the attack will go well beyond the $500,000. “In its first-quarter earnings report, Radio One indicated that it cost that amount for that company to repair issues connected to its attack in addition to $500,000 to $800,000 in lost advertising revenue,” the publication said.

But if you pay the ransom, then you have to deal with the morality of it....and the thought of putting money into criminal hands.

Not to mention the cost of replacing so much IT infrastructure in the effort to purge itself of any potential further malware lurking somewhere.

That's the thing about paying a ransom; you can be sure they've either built in a backdoor ready to shake you down again, or they will sell that backdoor vulnerability to another extortionist for a future attack. They're counting on potential panic from management to get their files and business up and running right away, and that nothing else matters. Once things settle down after paying the ransom and business has returned to normal, management returns to complacency, not wanting to take potential steps (spend more money or alter workflows) to harden their systems from another potential attack.

I'm sorry to say, it's only going to get worse. Stations and groups better come to the realization that all these new conveniences and cost savings of IP-based workflows only mean you spend the same amount somewhere else. Sure, no security methodology is perfect, but it's amazing how many broadcast operations in particular, have put themselves in this position because they resist taking the time, or spending the money or effort to protect themselves.
 
I don't know that that is the "general view".

Many companies and municipalities have had to think this out, and many have paid the ransom.

Radio One said they didn't pay the ransom, but the cost to the company was more than the ransom amount.

Radio Insight says that Entercom is not paying the ransom, and that the costs to fix the attack will go well beyond the $500,000. “In its first-quarter earnings report, Radio One indicated that it cost that amount for that company to repair issues connected to its attack in addition to $500,000 to $800,000 in lost advertising revenue,” the publication said.

But if you pay the ransom, then you have to deal with the morality of it....and the thought of putting money into criminal hands.

In lots of cases it's a lot easier to pay a five to ten grand ransom than losing out on fifty thousand in revenue over a month or two period it'd take to hire someone to override the ransomware attack.
 
In lots of cases it's a lot easier to pay a five to ten grand ransom than losing out on fifty thousand in revenue over a month or two period it'd take to hire someone to override the ransomware attack.

Assuming that the person to whom you pay that ransom is willing to return access to your files.
 
Assuming that the person to whom you pay that ransom is willing to return access to your files.
You'd have to give them the benefit of the doubt I guess. Personally if I was running a station I'd ask to speak to the gentlemen on the phone or email address they usually provide first before giving them money.
 
You'd have to give them the benefit of the doubt I guess. Personally if I was running a station I'd ask to speak to the gentlemen on the phone or email address they usually provide first before giving them money.

Your statement is just plain silly.
There is no way to reach these people.
They do not give you a name, email address or telephone number.
They don't want to be identified.
 


Your statement is just plain silly.
There is no way to reach these people.
They do not give you a name, email address or telephone number.
They don't want to be identified.

Also the people who do the internet security breaches in some cases are "Rogue Governments" and "Rogue Corporations" depending on which incidents are discussed.
 
Status
This thread has been closed due to inactivity. You can create a new thread to discuss this topic.

