ABC’s broadcasting systems Taken Off AIR by Ransomware Attack

ABC News 24 programming was knocked off air for about half an hour by a ransomware attack

The Australia’s public broadcaster (ABC) had to broadcast stand-by programming this Monday for about half an hour from 9:30am to 10:00am before resuming live news broadcasts from Melbourne due to a ransomware attack on its main server.

“There was an IT security issue this morning which affected some of the ABC’s broadcasting systems and created technical difficulties for ABC News 24,” it said in a statement. 

As per the reports available, a widespread phishing campaign which contained CryptoLocker like Ransomware was the reason behind the outage.  As per preliminary reports the Ransomware infected the work stations of some of the employees of ABC News 24 Broadcasting.  A resultant encryption of the system and other files rendered the ABC News helpless for half hour till its security team decrypted the ABC systems.

The email containing the CryptoLocker type ransomware is spreading far and wide in Australia.  As of now, big corporations like Telstra, Energy Australia and various other public institutions are also said to be affected by a similar phishing attack. 

What is Crypto-ransomware?

Cryptomalware affecting Australian users is from Cryptolocker family.  This malware is typically propagated as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by legitimate company.  Once the attachment to the email is opened, the payload in the attachment gets executed.  Once the malware is executed, it encrypts data on the computer and demand for a ransom from the user for the decryption keys.

How the Crypto-ransomware spread in Australia?

Australia, users are sent emails that typically look like they came from local companies such as an Australian energy supplier (view a bill) or an Australian postal delivery company (details of parcel delivery), Symantec said.

The email carries a link to follow, which takes the victim to a phishing website looking exactly the same as of theme of the scam. Once on the cloned website, the victim is asked to follow procedures to download a zip file.  Once the zip file link is executed, the payload containing the malware is delivered and executed on the victims machine.  It thenlocks down the computer and asks for a ransom. 

According to Symantec, Australia is seeing a 1,300% surge in Crypto-ransomware attacks however they are not the only country being targeted. A recent report from security researchers at Barracuda Networks stated that several news/media websites were targeted by the new CryptoWall variants, including the top Indian publisher, Hindustan Times, top Israeli sports news site one.co.il; as well as top online forum, codingforums.com.

While CryptoLocker may have been one of the most effective and destructive malware of its kind the techniques used to spread it, however, are not particularly sophisticated. If users remains cautious and avoids emails containing scams or any tempting links which may lead them to a phishing website, they are good to be safe.