National Public Radio member station KQED 88.5 suffered a ransomware infection back in mid-June. The station is still broadcasting, but had to unplug most of its internet-connected devices in an effort to contain the attack.
“It’s like we’ve been bombed back to 20 years ago, technology-wise,” Queena Kim, a senior editor at KQED, told the San Francisco Chronicle. “You rely on technology for so many things, so when it doesn’t work, everything takes three to five times longer just to do the same job.”
How it happened
The ransomware infection began to spread throughout the radio station’s computer systems on June 15th. The station’s email server stopped working shortly thereafter.
Station managers then took KQED’s online broadcast offline while they investigated the attack. They discovered the ransomware as well as a digital ransom note demanding 1.7 Bitcoin (approx. $3,637) for each encrypted file. The ransomware infected tens of thousands of files, so paying the ransom was not an option.
To prevent the ransomware from spreading, they disconnected most internet-connected devices and urged employees not to turn on any machines running Microsoft Windows.
The ongoing outage has seriously disrupted the station’s daily business operations. Without web connectivity, broadcasters have no choice but to print and distribute scripts manually. They also need to time their segments with a stopwatch instead of their web-connected content management system, and they’ve been forced to film many of their televised newscasts at a different location.
“We’ve basically been putting everything together with duct tape for a month,” Marisa Lagos, who covers state politics for KQED, told the San Francisco Chronicle. “From an outside point of view, we really made it work. But what our listeners don’t know is that people have been doing really crazy things to make sure no one notices that anything is wrong.”
How to prevent a ransomware attack
Email domain authentication technology could help businesses defend themselves against ransomware like the type that infected KQED. But organizations should also focus on ransomware prevention by training employees on how to avoid phishing email scams and strengthening their patch management procedures.
It’s also important to back up critical data in case all else fails. With the right backup and recovery system in place, you’ll never need to pay a ransom to cybercriminals.