Nearly a month ago, KQED radio and TV station got to experience the wonderful situation of being infected by a ransomware.
“The incident took place on June 15, when an unknown strain of ransomware infected one of KQED’s Internet-connected computers, spreading to other workstations on the same network.”
The immediate result: for almost 12 hours, KQED’s radio stream was offline. Although the station’s IT staff was quick to shut off as many connected devices as possible, a great deal of information was still caught in the crossfire.
Those behind the ransomware asked for 1.7 BTC per infected PC, but KQED did not cough up the money. Instead, they conveyed the cyber-attack to the FBI.
Now that a month has passed, the station is finally getting a handle on some things. Unfortunately, it took them a lot of time to get to this point – and they’re not even done recuperating yet.
After the attack, all computers were wiped clean and refurbished with their operating systems. KQED’s wireless network at headquarters was down for days. Even more, the station’s email servers were also down for about two weeks.
The issues don’t stop there either.
“For two weeks, KQED TV broadcasts were moved and recorded at a studio at the University of California, Hastings. Even now, the team uses a stopwatch to time TV segments, a task previously automated by special software. Furthermore, new hires weren’t able to start work because KQED couldn’t issue new access cards.”
Marisa Lagos, a KQED reporter for politics, shared her experience in the recovery,
“We’ve basically been putting everything together with duct tape for a month. From an outside point of view, we really made it work. But what our listeners don’t know is that people have been doing really crazy things to make sure no one notices that anything is wrong.”