Banijay, producer of MasterChef, hit by ransomware

by Jake Doevan - - 2020-12-01

The malware strain responsible for the attack is DoppelPaymer ransomware

Banijay ransomware attack Banijay was hit by ransomware: corporate and employee information likely compromised

A TV production firm Banijay SAS suffered a ransomware attack. The French company is known for its famous show releases such as MasterChef, Black Mirror, The Kardashians, or Big Brother and owns more than 120 production firms worldwide. Banijay acquired Endemol Shine Group for $2.2 billion in July 2020, which made it the largest international corporations in the industry.

Banijay announced the cyber incident on November 26 on its official website.^[1] In the statement, the company claims that the incident occurred in Endemol Shine Group and Endemol Shine International networks, located in the UK and the Netherlands:

The global group is currently investigating the situation with independent specialists, and to date, has reported the issue to the relevant local authorities in both the Netherlands and the UK – the territories affected by the incident.

The malware behind the attack – the infamous DoppelPaymer ransomware^[2], has been known for a while. The ransomware is typically deployed after gaining access to the compromised credentials and then infecting the whole network. INDRIK SPIDER, the cybercriminal group responsible for the strain, has previously struck large-scale targets such as the City of Edcouch, as well as the Chilean Ministry of Agriculture.^[3]

Employee and corporate information leaked by criminals

According to Banijay's statement, there is “reason to believe” that current and ex-employee data has been leaked during a cyberattack. It was also stated that commercially sensitive information is likely to be compromised as well. There are no further details on what type of personal information could have been stolen, nor the one that relates to the corporation itself.

Banijay hurried to apologize for the concern that the situation could have caused for those affected. In the meantime, it reported the incident to the UK and Netherlands authorities, the countries where the Endemol Shine Group and Endemol Shine International networks are located in. The TV show producer also said that it is actively working with a third-party to resolve the incident.

Banijay also added:

We are continuing to take the appropriate steps and remain committed to protecting our employees, past and present, so if we do identify any cases of data being taken or misused, we will contact the affected individuals directly.

DoppelPaymer gang might reveal sensitive information stolen from Banijay publicly

A ransomware attack is a very serious threat for any corporation, even for the multi-billion one. Since Banijay is one of the largest international groups in the industry, cybercriminals can expect high sums of ransoms if it agrees to pay.

One of the main reasons why the corporation would agree to fulfill cybercriminals' demands is the double extortion principle, which was first initiated by the Maze ransomware gang in late 2019 (the group has recently announced that it has stopped all the operations and is disbanding).^[4]

Before deploying the ransomware, malicious actors spend quite some time on the attacked network, moving laterally. Once the targets are reached, sensitive employee or corporate information is usually extracted, and only then files on the network encrypted. This clever but dangerous practice has made many corporations, governmental institutions, hospitals, and even cities to pay the ransom for sensitive information not to be published online.

For this purpose, threat actors typically create a specially-crafted leak website, where all the stolen information is posted if victims decline to pay. In this case, DoppelPaymer authors posted several files allegedly stolen from the company, some of which under names like “Compliance Year Plan.docx” and “ESG compliance charter.docx.”^[5]

To make matters worse, INDRIK SPIDER, the gang behind DoppelPaymer, is one of the largest cybercriminal groups around that goes for the so-called Big Game Hunting, asking for huge ransoms. For example, PEMEX oil company from Mexico was asked to pay as much as $4.9 million in bitcoin.^[6]

It is yet unknown what stance Banijay is going to take, as it is likely that the attackers will ask for a lot. Companies are often ready to do a lot to keep corporate, employee, or customer information confidential.

About the author

Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions

References

^ Cyber Incident Notification. Banijay. Official website.
^ Linas Kiguolis. Remove DoppelPaymer ransomware (Virus Removal Instructions) - updated Apr 2020. 2-spyware. Cybersecurity news and articles.
^ Brett Stone-Gross, Sergei Frankoff and Bex Hartley. BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0. CrowdStrike. Security blog.
^ Zack Whittaker. Maze, a notorious ransomware group, says it's shutting down. Tech Crunch. Startup and Technology News.
^ Sergiu Gatlan. MasterChef, Big Brother producer hit by DoppelPaymer ransomware. Bleeping Computer. Technology news and computer help.
^ Ionut Arghire. Mexican Oil Company Pemex Hit by Ransomware. SecurityWeek. Internet and Enterprise News, Insights & Analysis.