Hackers infect largest media company in Malaysia with ransomware, then demand $6.45 million

Media Prima Berhad, Malaysia’s leading media company, has been hit with a ransomware attack followed by a whopping $6.45 million demand for the decryption keys.

Anonymous sources from within the company told The Edge Financial Daily that the attack unfolded over four days, and that ransomware operators demanded the company pay 1,000 bitcoins in ransom – the equivalent of RM27,042.26, or US$6.45 million.

“The whole Media Prima group’s computer systems have been breached and infected with ransomware over the last four days,” said the source. “The attackers demanded 1,000 bitcoins from Media Prima in the ransomware attack.”

Asked to comment via email, Media Prima would neither confirm nor deny the breach, saying: “Thank you for the questions. It is with regret [we have] to inform you that we decline to comment on the questions.”

Another source, however, indicated that the attack was not very serious at all, and that Media Prima declined to pay the ransom.

“Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying,” this source said.

It is unclear what ransomware family was used in the attack. It is also unclear whether the operators had direct access to physical systems (an inside job would not be out of the question), or if they used social engineering schemes to make their way into Media Prima’s infrastructure and deploy the attack.

It is worth noting that ransomware operators typically use social engineering to trick victims into granting internal access. Whatever the case, going by the sum requested by the operators, the attack was very likely targeted.