Learning from Entercom’s Ransomware Attack

| September 17, 2019

by Steven J.J. Weisman
Legal Editor
TALKERS magazine

 

BOSTON — Although not officially confirmed by the company itself, numerous reports indicate that media giant Entercom Communications has suffered a ransomware attack by unknown cybercriminals demanding a reported $500,000 ransom that the company is refusing to pay.  One of the more interesting aspects of this ransomware attack is the amount of the demand, which is much higher than most ransomware demands.  According to security company Coveware, the average demand this year is $12,762 — double the average demand in 2018.

Entercom is the third national radio company to be hit by a ransomware attack this year following Townsquare Media and Radio One.  In addition, numerous individual radio stations have been victims of ransomware this year.

Though it’s reported Entercom is choosing not to pay the ransom, the cost of repairing the damage will exceed the cost of paying the ransom.   Radio One paid $500,000 to repair the damage when it was victimized by a ransomware attack, which also resulted in a large amount of lost advertising revenue.

Ransomware is the name for malware that once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data.  The cybercriminal then threatens to destroy the data unless a bounty is paid.  In 2017 we experienced two massive ransomware attacks against millions of computers around the world.  These were the infamous WannaCry and Peta ransomware attacks. The City of Atlanta became a victim of ransomware when some of its systems were frozen using the infamous SamSam family of malware that has been used successfully against a number of companies and municipalities.

In its 2018 Data Breach Report, Verizon gathered data from 65 organizations in 65 countries and found that ransomware, only the 22nd most common malware in 2014, is now the number one most common malware used by cybercriminals.  Recently, it was revealed that 23 municipalities in Texas were victimized by simultaneous ransomware attacks by a single hacker.

The increase in ransomware attacks may be partially due to the availability of ransomware malware for purchase on the Dark Web — that part of the Internet where cybercriminals buy and sell goods and services.  The more sophisticated cybercriminals who create the ransomware malware are selling their ransomware to less sophisticated cybercriminals who use it against a wide variety of victims including government agencies, hospitals, businesses, and individuals.

Ransomware is a very real threat to all businesses and it appears that radio stations and other entertainment companies are now being specifically targeted.  The threat to you is quite real.

Like all malware, ransomware must be downloaded on to your computer in order to cause problems.  Because ransomware attacks as well as most other types of malware attacks are spread through phishing emails that lure unsuspecting people into clicking on malware infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.  Many past ransomware attacks exploited vulnerabilities for which patches had already been issued.   The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used.  Here is a link to their website.  It is important, however, to remove the ransomware before downloading and using the decryption tools.  This can be done using readily available antivirus software.  It is also important to remember that even if you have the most up-to-date security software on your computer and phone, it will not protect you from the latest zero day defect ransomware malware which is malware that exploits previously undiscovered vulnerabilities.

Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive.

Cybersecurity should be a prime concern of everyone and with this major attack on Entercom, you have been warned.

Steven J.J. Weisman is a practicing attorney, legal editor for TALKERS magazine, a professor of Media Law at Bentley University in Waltham, Massachusetts and publisher of the website www.scamicide.com.  He can be e-mailed at: stevenjjweisman@aol.com.  Steven J.J. Weisman is available as a guest to discuss legal matters and the subjects of identity theft and scams.

Tags: , , , , , , , , ,

Category: Legal