“I imagine they were ready to restore from the back-up and clearly they did so rapidly”
One of France’s largest privately-owned media groups, M6, has survived an apparent ransomware attack relatively unscathed – managing to keep its TV and radio broadcasts running with no down-time, despite servers being hit.
In a post on Twitter the M6 Group said it has been the subject of a ‘malicious computer attack’ that sought to bring its systems down.
The attack has widely been reported to be a ransomware attack, although M6 has not confirmed this. M6 praised the “quick and efficient intervention of our cybersecurity experts” for its ability to keep operating during the attack.
In a further post it says that: “All the Group’s teams are mobilized to restore the proper functioning of all our equipment and IT resources.”
French newspaper L’Express is reports, however, that as of yesterday the company’s phone and e-mail services are still unusable and employees have resorted to using their personal devices to communicate with each other.
The incident is just the latest in what appears to be a fresh wave of ransomware attacks striking European industry, with Finnish oil refiner also understood to have been hit this week.
The M6 group, via its subsidiary M6 Web, operates its own hardware, much of which is housed within two data centres: Paris’s Telehouse Voltaire and Equinix Saint-Deni.
(Of its infrastructure, the M6 group states that: ”An autonomous system (AS30972) ensures ideal connectivity for our visitors with direct links (peering) between our network and those of major Internet players (mainly European) backed by international transit links of NTT Communications, Tinet, Cogent Communications, Tata Communications and Neo Telecoms.”)
Details have yet to emerge about the precise ransomware strain.
Ransomware Attacks On the Rise as M6 Group Hacked
Ransomware is an attack where a hacker infects a system with malicious code that shuts out the original users, which is followed by a payment demand to release the locked files and system. Often threat actors will request a payment in the form of a cryptocurrency due to its untraceable nature.
A recent report from California-based cybersecurity firm SonicWall found that ransomware attacks in the UK have increased by 195 percent in the first half of 2019. In its report SonicWall discovered 74,360 ‘never-before-seen’ malware variants.
It also found that;
- Ransomware volume was up 15% globally year to date
- Encrypted threats spiked 76%
- IoT malware attacks were up 55%
- Malware attacks across non-standard ports dipped 13%
Jake Moore, Cybersecurity Specialist at ESET commenting on the attack of the M6 Group said: “Rarely does a ransomware attack story have such a positive outcome… Companies who demonstrate a simulation attack are far less likely to suffer long term should the real deal occur. I would imagine they were ready to restore from the back-up and clearly they did so rapidly. I would always recommend testing the restore process, as this is where so many ransomware victims fall over.”