Malaysia’s largest media company becomes victim of a ransomware attack

The hackers have demanded a ransom of $6.45M USD

Media Prima Berhad, Malaysia’s leading media company, has been hit by a ransomware campaign in which the attackers demanded that the company pay $6.45M USD in exchange for the encryption keys, as reported by specialists in digital forensics from the International Institute of Cyber Security.

Anonymous sources at the company told various media platforms that the attack unfolded over four days and that the ransomware operators demanded a ransom of a thousand Bitcoin, the equivalent of $6.45M USD.

“Media Prima computer systems have been completely compromised and infected with ransomware in the last four days,” the anonymous source said. “The attackers demanded a payment in Bitcoin in exchange for the keys to get back the company’s information.”

Some recognized members of the cybersecurity and digital forensics community requested a statement from Media Prima. The company, however, neither confirmed nor denied the incident, limiting itself to the following statement: “Thank you for the interest. We regret to have to inform you that Media Prima has declined to answer those questions.”

Another source, however, states that the attack was not as serious as first reported, adding that the company refused to make the payment demanded by the attackers.

“The email system from our office was affected, but we have migrated to G Suite. The hackers demanded Bitcoins, but they will not receive any payment from us,” declared the second anonymous source.

Digital forensics specialists do not know which ransomware variant was used against the company. It is also unclear whether the operators had direct access to physical systems (which would imply that they acted with the collaboration of company personnel) or whether they used social engineering schemes to enter the Media Prima infrastructure and deploy the attack.

It is worth noting that ransomware operators often use social engineering to deceive victims into granting internal access. Whatever the case, judging by the amount demanded by the operators, the attack was most likely targeted.

According to reports from cybersecurity and digital forensics experts at the International Institute of Cyber Security, the average recovery time for a company that has suffered a cyber attack is 50 days, in addition to the financial costs and the damage to the reputation of the attacked organization.