In this episode of Broadcast2Post, we’re discussing Ransomware & Security for Media Facilities- bringing together a panel of Post Production specialists and legal advisors- discussing the new security challenges faced by IT and media engineer teams at production companies. We have come across several recent examples of media production companies getting hit with ransomware and suffering the consequences. From locking employees out of the computers to malware finding- and using the customer’s own transcoding and render servers to crypto encrypt their own content. The Key Code Media team had to stop and think- how can we help media facilities identify and solving these new types of challenges? Keeping in mind, even with the perfect security strategy- there is, and will always be a way for hackers to attack companies. Below, we’ll break down the basics of types of cyber-attacks, as well as prevention and remediation strategies for media companies. In the video, we go into much more specifics. Don’t hesitate to contact us– if you need help formulating a solution.
What are the two types of Ransom attacks experienced by media companies?
- Locker Ransom – This type of malware blocks basic computer functions. For example, you may be denied access to the desktop, while the mouse and keyboard are partially disabled. This allows you to continue to interact with the window containing the ransom demand in order to make the payment or to use them for “help”. Apart from that, the computer is inoperable. But there is good news: Locker malware doesn’t usually target critical files; it generally just wants to lock you out. Complete destruction of your data is therefore unlikely. This typically is browser-based, and the goal is to get access to your machine remotely.
- Crypto Ransom – The aim of crypto-ransomware is to encrypt your important data, such as documents, pictures, and videos, and leaving the basic computer functions alone. This spreads panic because users can see their files but cannot access them. The media doesn’t play. Projects are locked uptight. Crypto developers often add a countdown to their ransom demand: ” pay the ransom by the deadline, all your files will be deleted.” Consequently, many victims pay the ransom simply to get their files back. In media environments, we depend upon shared storage to facilitate creative collaboration. One system can take down all your media storage.
What are the ways media companies can prevent Ransomware attacks?
- Corporate Wide Policies – Firewalls, Passwords, Two-Factor Authentication- email security, malware detection, and destruction- keeping networks ‘air gapped’ or separated. These are the common-sense approaches to keeping the hackers out. Phishing attacks are not only common but more sophisticated these days
- External Media Scanning – A single computer, not connected to your systems where all incoming disks and drives are scanned for threats before entering the environment. A large media company network was hacked a few years ago by USB drives left on the ground in their parking lot. Hackers will also send you drives, with pretty packaging, and explanations as to why this needs to touch your computer. Scan everything external before you let it into your network.
What are the ways media companies can remediate a Ransomware attack?
- Backup & Archive Strategy – One core piece of most crypto-ransomware is to locate backup servers and services and try to infect and delete them first. How you archive and keep your archives and backups safe is critical. If your archive is on-prem, how is it safer than your primary infrastructure? Is just having copies in the cloud enough? How about snapshots of data? Some of these methods are variants of what you use today for backups for hardware failures- just with some planning and hardening of systems.
- Response Plans – Do you have a plan for an attack? What your initial actions are may determine if you’ll get past this quickly, and with the least amount of downtime? Have you sat down with all your internal departments to work out a plan? You cannot over-communicate here. Getting the plan prepared, implemented, and tested is the right approach.