San Francisco's Public Radio Station Hit by Ransomware

If you've never experienced a major cyberattack, you probably don't know how much of a hassle it is to work around. Sure, you've clicked a few spam emails and pop-up advertisements. But a simple sweep of the antivirus and you're good to go, right?

Wrong! Cyberattacks can cripple an organization and make it nearly impossible to get work done. One of the most common cybersecurity challenges plaguing private businesses right now is the ransomware attack.

Take for instance, San Francisco's public TV and radio station KQED. For over a month this public radio station has been battling an especially ruthless ransomware attack.

"It's like we've been bombed back to 20 years ago, technology-wise," Queena Kim, a senior editor at KQED, tells the San Francisco Chronicle.

The initial attack, instigated on June 15th, locked hard drives, deleted prerecorded segments, brought down the station's internal email server for two weeks and crashed the office Wi-Fi for several days. While the FM broadcast has continued uninterrupted, the online broadcast crashed roughly 12 hours following the initial intrusion.

According to The Verge, the ransomware was unusually expensive. The hacker demanded thousands of dollars for the release of each encrypted file. Since KQED is the Bay Area's biggest public radio station, total decryption would cost tens of millions of dollars! KQED has not paid the hacker any extortion fees.

"From an outside point of view, we really made it work," says Marisa Lagos, a KQED political reporter. "But what our listeners don't know is that people have been doing really crazy things to make sure no one notices that anything is wrong."

To keep their business running, KQED employees have had to forego online communications for a more low-tech approach to operations. For example, the newsrooms automated content management system is now operated by a stopwatch.

As The Chronicle points out, the attack "underscores an uncomfortable truth: If KQED, an organization that had up-to-date security systems and an awareness cultivated by routinely producing news stories about cyberattacks, can fall victim to such an attack, most other companies can, too."

Runaway Ransomware
The ransomware attack has undoubtedly been a drag on KQED's operations, but executive editor Holly Kernan sees it as something of a learning experience.

"It definitely showed us what kind of changes we need to make going forward," says Kernan. "For example, we are going to have separate networks in different parts of the organization so that we're all working in a more secure environment."

Similarly, you can protect your business from a colossal security incident by employing separate private networks to serve various sectors of your organization. Here are a few other ways to safeguard your business from ransomware attacks:

  • Train your employees to stop, delete and flag suspicious emails or downloads. Many ransomware attacks are deployed through simple email and download scams.
  • Back up your data using encrypted cloud storage or physical hard drives; that way if your business is attacked, you won't lose access to everything.
  • Keep your software and security features up to date to prevent hackers from exploiting common defense gaps.

Still, the best thing you can do for your organization is purchase a cybersecurity insurance plan. Don't know where to start? Visit CyberPolicy for your free quote today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375