The Devastating Risk to Media Companies of a Ransomware Attack

The magnitude of ransomware threats on the media industry is an escalating concern that demands robust cybersecurity measures.

In what some are calling a “Ransomware Renaissance”, ransomware attacks have shown a relentless rise in complexity and frequency in the last few years. With cybersecurity firms reporting over 400 attacks in March 2023 alone, this form of cybercrime is rapidly evolving and developing new, sophisticated methods of delivery – and no media company is safe.

The media industry, with its vast digital footprint and dependence on critical data, is now experiencing an unprecedented level of threat from ransomware gangs, and faces unique challenges in mitigating these threats.

The scale of the ransomware problem

Ransomware is malicious software that encrypts files and locks users out of their systems until a ransom is paid. It’s a form of cyber extortion that operates in four phases:

• Infection: Email attachments, malicious links, compromised websites, software vulnerabilities – there are many ways ransomware can infect a system or network. The most common point of entry is phishing emails. 

This was the primary delivery method for the notorious REvil ransomware, and a 2022 survey revealed 88% of organizations who received increased email threats were victims of ransomware

• Encryption: As soon as ransomware gains access to the victim’s system, it immediately begins encrypting files. This is the process of converting information into secret code that cannot be accessed by the victim. Without a decryption key, which is held by the attackers, these files and data are inaccessible and unusable
• Ransom note: This appears on the victim’s screen and details the ransom that must be paid in order to obtain the decryption key and get control of their systems. The note will contain instructions on how to make the payment, and what will happen if it is not paid within a specified time – usually this is the deletion or exposure of all files
• Payment and decryption: Though it is advised against, the victim may decide to follow the instructions and pay the ransom. However, even in this scenario, the attackers are unlikely to send the decryption key, and there is never any guarantee that data will be restored. 

According to these 2022 statistics, only 54% of companies that paid ransoms had their systems restored after the first payment. Meanwhile, a third of companies had to pay additional ransoms, and 4% were still unable to retrieve their data 

Ransomware attacks are not far-fetched threats. 48% of IT professionals report that ransomware attacks are increasing in volume and severity, with Q2 of 2023 showing the highest victim counts per quarter we have ever seen, according to Cyberint. Additionally, new figures estimate that by 2031, a new ransomware attack will be launched every two seconds.

These findings are of particular concern to the global media industry, which sits at the top of the ransomware targets list. In 2022, the media, entertainment, and leisure sector saw 79% of organizations battling ransomware incidents, an increase of 147% from 2021.

Media companies: The top target for ransomware attacks

Media companies, especially those with a high profile, need to be particularly vigilant about their cybersecurity measures. While in the past, the media industry has not been on the top of the ransomware list, with industries like healthcare being the prime targets, this is now changing with the rise of technology and online media consumption.

Media organizations are attractive targets for several reasons:

• They gather reams of sensitive data, intellectual property, unreleased media, and many other forms of valuable information that can be weaponized by hackers
• They have a wide reach, meaning a ransomware attack could have a significant impact on their audience or customers and make them more likely to pay the ransom
• Their reliance on third-party vendors introduces vulnerabilities to their supply chain that hackers can easily exploit 
• They are seen as lucrative targets by financially motivated cybercriminals, given the rise of digital technology and the online consumption of content
• Their interconnected systems offer multiple entry points, allow ransomware to rapidly spread across the entire network, and increase the risk of human error 
• Their high visibility attracts cybercriminals due to the impact an attack would have, the attention it would garner, and the ease of infection. Cybercriminals will also capitalize on a high-profile media company’s urgency to end operational disruption

Given these factors, media companies should implement robust security protocols, conduct regular risk assessments, and educate their employees about the risks of ransomware and phishing attacks. 

Additionally, having a well-defined incident response plan can help minimize the impact of a potential ransomware attack and enable a quick and effective recovery process.

The business risks associated with ransomware attacks

Ransomware attacks in the media industry pose significant business risks, impacting various aspects of media companies’ operations and reputation. One of the most apparent risks is the financial losses. 

Financial costs of ransomware

If we look at the statistics from Cybercrime Magazine, the damage costs of ransomware have been rapidly increasing, from USD $8 billion in 2018 to USD $11.5 billion in 2019 to USD $20 billion in 2021. By 2031, the global damage costs of ransomware are expected to reach an enormous USD $265 billion. 

Additionally, in 2023, the average ransom demanded by attackers is USD $1.5 million. The effects of these skyrocketing damage costs and ransom payments can severely impact businesses, with 40% of victim companies having to lay off employees as a result of an attack. Meanwhile, some SMEs may never be able to recover. 

Even if no ransom is paid (which should be the case), companies could still end up paying in the hundreds of thousands or even millions because of operational downtime. This is the most expensive aspect of a ransomware attack.

With an average recovery time of 22 days, the cost of downtime is usually fifty times more than the ransom demand, and this, combined with recovery expenses, means that the average cost of recovering from a ransomware attack sits at USD $4.54 million. 

Reputational damage

Successful ransomware attacks can severely damage a media company’s reputation. If customer data is compromised or leaked, it can erode trust among audiences and advertisers, and create negative perceptions among stakeholders. In fact, 20% of ransomware costs are attributed to reputational damage. 

This has real long-term consequences that extend well beyond the immediate aftermath of a ransomware attack, including:

• Decreased engagement and loyalty 
• Declining viewership, readership, and traffic
• Severed relationships with advertisers
• Reduced advertising revenue and business sustainability
• Loss of business partnerships
• Difficulty attracting and retaining talent
• A drop in stock value and wavering investor confidence
• Litigation from affected customers, partners, or investors

In the end, this places victims of ransomware at a marked competitive disadvantage, and confronts them with a steep road to rebuilding their brand’s image and earning back that trust.

To recover from reputational damage caused by a ransomware attack, media companies must engage in proactive crisis management, transparent communication, and continuous efforts to improve cybersecurity measures. 

Regulatory implications and fines 

Another business risk associated with ransomware attacks is the potential regulatory implications and fines incurred for inadequate data protection. Industry and government regulators can enforce stiff penalties on organizations who fail to comply with data privacy laws, and the worst part about this is that ransomware gangs can capitalize on it. 

Double extortion ransomware involves exfiltrating data before encrypting it, allowing the hackers to expose sensitive information if the company does not pay the ransom. The steep fines awaiting companies if this data is released puts pressure on them to pay up. However, victims who pay the ransom could be fined millions of dollars for violating federal regulations, so it’s a real double-edged sword.

Data protection regulations mandate media companies to safeguard sensitive information. If a ransomware attack occurs due to inadequate data protection measures, media companies may face the following regulatory implications and potential fines:

• Notifiable data breach. Companies may be required to notify regulatory authorities about significant data breaches. Failure to do this can result in additional penalties
• Regulatory investigations, which determine the extent of the breach, assess the organization’s data protection practices, and ascertain if any laws were violated
• Data protection violations, which could include a fine calculated on the number of people affected, how sensitive the data is, and the organization’s compliance history
• Mandatory remediation measures, which the organization is required to implement in order to improve data protection and prevent future incidents
• Civil lawsuits from affected individuals, like customers or stakeholders, seeking compensation for the harm caused by the breach

It’s essential for media companies to be aware of the data protection laws that apply to their operations and take proactive steps to comply with these regulations.

Implementing robust data protection measures, conducting regular security assessments, and having a well-defined incident response plan can help safeguard media businesses against ransomware attacks or, at the very least, enable them to mitigate costs, penalties, and reputational damage in the event that one does take place. 

Lineup’s immutable storage technology keeps you and your data protected even in the worst case scenario. Immutable storage is the only way to render ransomware attacks powerless. Contact us today to discuss how this data security solution will work in your business.