
Sinclair Acknowledges Ransomware Attack Affecting Their Former Seattle Radio Stations

Not sure if it's related, but early this morning my Verizon Internet went out several times (I didn't even get a dial tone on its VoIP-based telephone line), and WNYC's feed of BBC World Service kept glitching.
 
> Not sure if it's related, but early this morning my Verizon Internet went out several times (I didn't even get a dial tone on its VoIP-based telephone line), and WNYC's feed of BBC World Service kept glitching.

How would a ransomware attack on a Seattle TV station be related to your Verizon ISP?
VoIP means Voice over IP. If there's no IP, there's no voice.
 
As long as Windows is the backbone of digital operations anywhere, this is going to be an ongoing problem for the foreseeable future. I don't get why radio/TV automation/management systems don't use a security-enhanced, proprietary Linux base system so the ransomware can be stopped at the gate.
 
> As long as Windows is the backbone of digital operations anywhere, this is going to be an ongoing problem for the foreseeable future. I don't get why radio/TV automation/management systems don't use a security-enhanced, proprietary Linux base system so the ransomware can be stopped at the gate.

Macs and machines with Linux OS get hit too.

Ransomware locks down important file folders. It has little to do with the operating system being used. The way the vast majority of ransomware attacks occur is that some employee clicks on the wrong e-mail link, opens a file sent by a Facebook 'friend', or sticks an infected USB drive in their work machine.
 
> Macs and machines with Linux OS get hit too.
>
> Ransomware locks down important file folders. It has little to do with the operating system being used. The way the vast majority of ransomware attacks occur is that some employee clicks on the wrong e-mail link, opens a file sent by a Facebook 'friend', or sticks an infected USB drive in their work machine.

Actually, to even function, it kinda does. I'll explain.

You see, for the ransomware to know what files to lock down, it first has to know which OS it's dealing with in order to know where all the necessary files are to infect/create to gain control of your computer. And it has to know what the common pathways are to each file. This differs between Windows and Linux.

It cannot think this on its own. This information has to be pre-programmed into the source code of the ransomware itself. And the typical OS of choice for ransomware is Windows, because it's so ubiquitous and universally shares the same file structure. If you're a ransomware creep and you want to get the most return from your scam, you want to infect as many computers as possible. This can only be done on a mass scale with Windows computers.

That's why the operating system matters and Windows ransomware doesn't work in Linux and vice-versa. Both systems are completely different in both their language and file structure.

That's not to say there isn't Linux/Mac malware/ransomware in the wild. There is. But because of the extra security hoops of Linux, it's still extremely rare because it still can't get very far. For Linux malware to get into your core system to access your files, you have to give it I.T. level root access permissions.

So if somebody in sales clicks on that irresistible "TRIPLE YOUR SALES OVERNIGHT!!!" email attachment, they will only get a prompt for a system admin log-in warning if the attachment contains system modification instructions for Linux. And if the user doesn't have root level system access, the file is unusable. Which will automatically give away what it is because any untainted, standard file won't do that. And the whole thing can be contained, right there.

Windows is a sieve because nearly all kinds of ransomware/malware instructions look for that ubiquitous C:\WINDOWS\ file to begin their dirty work. It's the most popular OS. And that's why it's such a target. Core system files used to execute the ransomware are found in exactly the same places across all Windows systems. It's the fatal flaw that's even making Microsoft yell uncle and embrace Linux.

In security-enhanced, proprietary versions of Linux (not the free consumer garden varieties out there like Ubuntu or Debian; I'm talking about the high-end kind you'll need a massive team of professional system developers to create via a license), you could change the entire system and kernel itself completely to customize it into a proprietary systemwide OS, encrypted on every level from music servers to receptionist desks. It's what Oracle does. That could only run on specific proprietary security-enhanced hardware, if you like extra layers, too.

And as long as the proprietary source code remains a guarded corporate secret that would make the Coca-Cola formula and KFC chicken look like Jell-O recipe ads in Better Homes & Gardens, everything should be fine. The tech is already here.

The trouble with that though is such an elaborate system won't be cheap and it will probably take several years to develop into something professional major-market cluster grade. And since what I've described would be (and not just theoretically, but is) a complete, in-house OS of itself (not a prefabricated patchwork of Windows computers and servers), specifically designed top to bottom for broadcast media, it would need constant ongoing upgrade and development.

So there's another brand new sub-industry within an industry. Just bustling with tech jobs nobody ever saw coming 20 years ago.
But seriously, if the suits were smart, they'd get right on it and put together a team with a mission. Media of any kind, especially radio, can't afford this. And consumer grade solutions like Windows won't do anymore.
 
> Actually, to even function, it kinda does. I'll explain.
>
> You see, for the ransomware to know what files to lock down, it first has to know which OS it's dealing with in order to know where all the necessary files are to infect/create to gain control of your computer. And it has to know what the common pathways are to each file. This differs between Windows and Linux.

I'll grant you that statistically speaking, Windows is the most attacked by ransomware, but that's only because Windows is the leader in business-oriented applications. Most of the modern ransomware is much more sophisticated than the old days of only targeting Windows OS. North Korean 'WannaCry' was one of the forerunners of the new generation ransomware. The first thing it did was identify the file and database structure of the host OS, then started locking down blocks of folders with what appeared to be financial or credit card data. The Target stores attack was one of the first impactful, as they were running a Linux-based (CentOS) Point of Sale system.

The Sony 'WannaCry' attack was directed against a production 'Post House' contractor, who had been providing editing for the movie "The Interview". That post house were all Macs.

The point being: Even if every business application converted to run on a Linux OS, the bad guys would easily adapt. The business of Ransomware is not going away anytime soon. Companies and organizations need to adapt their workflows, including shutting down USB ports available to employees, or the risk of being held up will always be there. Needless to say, that still doesn't prevent someone on the inside of a software manufacturer like SolarWinds from embedding ransomware inside a software update push to customers.
 
What's the status of everything as of now? I noticed on Monday night that KATU seemed a bit different, as they weren't running their normal format. For instance, they usually don't have traffic reports in the evenings, and their news clock seemed a little off. It seems the biggest impact at the moment to KOMO radio is they can't seem to access network feeds. For instance, notably missing from KOMO's schedule last night were the health update from NBC News Radio and the consumer tip; those slots were instead filled with commercials. I noticed the TV newscasts have limited sounds the last couple of evenings.
 
I heard a bit of John Carlson on KVI this morning (I scan all the talk shows in the morning for as long as I can stand listening), and he summed up their tech situation in the studio with this: "It's like doing radio back in 1950 again."
 
> What's the status of everything as of now? I noticed on Monday night that KATU seemed a bit different, as they weren't running their normal format. For instance, they usually don't have traffic reports in the evenings, and their news clock seemed a little off. It seems the biggest impact at the moment to KOMO radio is they can't seem to access network feeds. For instance, notably missing from KOMO's schedule last night were the health update from NBC News Radio and the consumer tip; those slots were instead filled with commercials. I noticed the TV newscasts have limited sounds the last couple of evenings.

Call KATU and ask.
 
> I noticed the TV newscasts have limited sounds the last couple of evenings.

In any kind of ransomware or viral attack, the first thing you need to do is lock down all PCs or file-based systems which could be infected. That can include any and all servers or play-to-air machines running on a production network. When I say locking down, that means shutting them off and physically disconnecting them from the network. Each machine or system needs to be scanned and potentially rebuilt, or literally junked and replaced with new. Given manufacturers like Dell are quoting 14-16 weeks delivery on workstations and some servers, missing things like sound file playout could be a while longer.
The difference with ransomware vs. old-fashioned viruses is that ransomware embeds itself in multiple places and applications, including sound files within a PC or server. Just running an antivirus scan isn't going to find some of the entire infection, which could lead to the ransomware re-replicating itself across a newly built network or machines and applications.
 