KQED

KQED San Francisco is still struggling to get things back on the grid after a ransomware attack one month ago. The public radio and TV outlet was without email for two weeks and had no WiFi for several days after the June 15 cyberattack. Even today, staffers are sharing a single computer and printer to make copies of scripts for broadcasts.

The malware infection shut down the station’s email server and all network-connected devices were taken offline in an effort to isolate the virus, the San Francisco Chronicle reported. Besides the station’s online stream going down for 12 hours, the broadcasts have continued for the most part uninterrupted. The TV station, however, has been recording segments at another studio at UC Hastings.

“What listeners don’t know is that people have been doing really crazy things to make sure no one notices that anything is wrong,” political reporter Marisa Lagos told the paper. She said the morning after the attack she and other reporters had to come in at 5am to rerecord a segment lost in the ransomware attack, where computer files are encrypted and a ransom is demanded for a key that would restore them.

The attack was reported to the FBI and the ransom—1.7 bitcoin per file, which is equal to nearly $3,700 apiece—was not paid. With millions of files involved on a single PC, the ransom would dwarf KQED’s annual revenue of $71.6 million, the Chronicle said.

Ironically, the attack happened just after the station updated its antivirus systems. It also had up-to-date firewalls, e-mail scanning software and multiple malware detection programs. The virus infected a “new piece of software” that was not being scanned by KQED’s security systems, chief technology officer Dan Mansergh said. Malware is usually spread through email attachments, infected links or files that may come into a network via a USB drive.

Earlier this year a number of radio station Emergency Alert Systems (EAS) were hacked and programming was hijacked. The Society of Broadcast Engineers (SBE) has issued security notes for the EAS to help radio groups assure that their equipment is protected from outside intrusions. The ransomware attack at KQED is different than these type attacks but it keeps in the forefront an unwanted byproduct of the industry’s constant reliance on computer networking and the internet.