A report of a ransomware demand on a small-market radio broadcaster in Michigan has surfaced. The attack is similar to another one in Louisiana that we reported on last week.
Sanilac Broadcasting Co. in the state’s Thumb area says three of its stations were attacked in early September. WMIC(AM), WTGV(FM) and WBGV(FM) suffered data server problems associated with the CryptoLocker virus, which encrypted their database of music files and resulted in dead air.
Stan Grabitz, program director and IT manager for Sanilac Broadcasting in Sandusky, Mich., said the original source of the virus was tracked to a traffic computer that was connected to the Internet.
“We think the virus was obtained either through a malicious email or an unauthorized website visit. It was a mapping virus so it compromised everything on the network, which included the music hard drives,” Grabitz said.
The broadcaster’s iMedia Touch software stopped working when it could no longer read the corrupted files, Grabitz said.
“We couldn’t even open any Word documents on the office computers. It was widespread,” he said.
Grabitz said that when he clicked on the infected data files, a message appeared directing him to several Internet links, which in turn demanded $100 to $300 in Bitcoin or some other form of electronic payment for a key to unlock the files.
Bitcoin is a popular Internet currency that CryptoLocker attackers favor for collecting ransom payments to restore files, according to various media reports. CryptoLocker is a ransomware trojan that targets Microsoft Windows operating systems.
“Thankfully I had an offsite backup of all the music files. I retrieved those files and got us back on the air later that same day,” Grabitz said.
Grabitz said Sanilac Broadcasting has taken steps to secure its broadcast systems from outside attacks by installing additional firewalls, limiting employees' Internet access to approved websites, and turning off Internet service after normal business hours.