Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection

Malaysia’s premier media conglomerate, Media Prima Berhad has been the latest victim of a nasty ransomware. The ransomware authors are demanding for US$6.3 million worth of Bitcoins in order to decrypt the files. The media giant is enjoying a great financial success for decades as Malaysia’s top dog when it comes to producing TV shows, radio programs, newspaper content, and other Digital media consumption products and services.

“Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying,” a company employee of Media Prima said while maintaining anonymity for the lack of authority to speak. The official spokesperson for the Media Prima has not responded to inquiries by journalists, and remains mum at the time of this writing. It is also not known if the media giant has a credible backup system, which they can use in order to reconstruct the encrypted data.

Allegedly, the ransomware entered the company’s computer facilities through an infected email. Though this has been denied unofficially, as Media Prima allegedly already migrated to Google Docs Mail for their email infrastructure recently.

A ransomware is a type of malware, where infection comes with a dangerous payload of encrypting user files, and it demands to pay a ransom for it to be decrypted. With extortion at its central goal, this class of malware will try to extort money from the victim by offering a time-limited decryption offer for its victims, failure to pay means the total loss of files. Its closest analogy is kidnap-for-ransom, but this time, the one in custody is the valuable user data.

This technique is a cash cow for virus authors, as proven by the 2017 WannaCry epidemic, which affected the healthcare sector the most. The most typical ways to end up with ransomware infection include visiting malicious websites, through phishing emails and unknowingly downloading ransomware with seemingly legitimate files. Some ransomware will even infect users across peer-to-peer file sharing. When a user visits a compromised website, the ransomware is silently downloaded and installed onto the victim’s computer; the chance is higher for computers that remain using old versions of web browsers with known security vulnerabilities. Ransomware can also spread through an effective social engineering attack.

There are public decrypters that can be downloaded for known types of ransomware from https://www.nomoreransom.org, however it is unknown at the moment what particular strain has infected the email system of Media Prima. The best thing a user can do is to simply follow safe computing habits that generally prevent malware infection, like avoiding malicious sites, spam email, and other suspicious things, as well as keeping one’s operating system and antivirus up to date. There is a possibility that an employee of Media Prima accidentally unleashed the ransomware infected email, which triggered a chain reaction to the rest of its internal network.

Dec 31, 2017, Media Prima revealed it has absorbed a net loss of US$12.07 million, and a news about ransomware may further increase the net loss by end of 2018.