Ransomware virus hits Media Prima's email system and asks 1000 BTC

Ransomware hits Media Prima Berhad Malaysian media group

Ransomware has hit the Media Prima's email system last Thursday, gladly, the main operating spheres were left untouched.

Last Thursday, the computer systems of the largest Malaysia's media company, Media Prima,^[1] were affected by a ransomware virus. The virus shut down the company's email network^[2] andurged for 1,000 BTC, which is about $6,000,000 in exchange, for the data recovery!^[3] However, while it is still unknown which ransomware succeeded in this attack, the affected group is not going to pay the demanded ransom.

Media Prima takes care of numerous newspapers, radio and TV stations. It controls Harian Metro, New Straits Times, Hot FM, One FM, TV3, TV9, and others.^[4] In addition, the media company also covers and controls the sphere of home shopping and advertising, so there is no surprise that it attracted cybercriminals.

Only the company's email system was infected

Some good news is that the main operations performed by the Media Prima company were not affected^[5]. The only target that did not avoid damage was the email system. However, the company leaders decided not to pay the demanded ransom and take other actions by transferring their email system to a G Suite^[6]:

Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying.

Even though there is no information about data exposure, such a possibility is very small after all. Due to the operating principle of the ransomware virus, such cyber threats do not expose any information as their purpose is to encrypt valuable data to make it inaccessible and demand a certain price in exchange for a decryption tool.

However, the amount of ransom is very impressive – victims were requested to pay 1000 BTC. At the moment of writing, one bitcoin equals $6,297.21, so the whole amount requested from the victim reaches $6.29 million.

Not the first company affected by ransomware

As we have already mentioned, ransomware viruses have been actively infiltrating unprotected systems and the number of ransomware victims is still rising.

However, the biggest attack was implemented by WannaCry ransomware against NHS (National Health Service) in England and Scotland. According to reports, it involved over 70,000 medical devices and cost almost $128 million in losses. Obviously, the NHS was not the only one affected by WannaCry ransomware. The list of victims includes such famous companies as Renault, Nissan, FedEx, Telefonica, Deutsche Bahn, and many others that altogether lost the staggering $4 billion in damages.

Yet another vast ransomware campaign was initiated by Petya ransomware in June 2017. The list of affected companies includes Merck, Maersk, Mondelez, DLA Piper, Ukraine government, banks, power utilities, and other important plants. As it has been announced, Merck alone lost $135 million in revenue alone. According to other sources, Maersk and FedEx lost $300 million.

The main factor while trying to prevent ransomware is being extra cautious while dealing with emails. Note that crooks tend to drop phishing messages with infected attachments to random people, so you can never know when are in a target of hackers. What you should do is avoid opening any suspicious-looking content you receive to your email box. Be careful as sometimes a spam message might fall into the inbox section too.