carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · Jul 25, 2017

San Francisco radio station knocked offline in ransomware attack

Color illustration of laptop screen showing a security warning.

A San Francisco radio station's computer systems remain offline more than a month after getting hit with a ransomware attack, according to news reports.

National Public Radio member station KQED 88.5 suffered the ransomware infection back in mid-June. The station is still broadcasting, but had to unplug most of its internet-connected devices in an effort to contain the attack.

"It's like we’ve been bombed back to 20 years ago, technology-wise," Queena Kim, a senior editor at KQED, told the San Francisco Chronicle." You rely on technology for so many things, so when it doesn't work, everything takes three to five times longer just to do the same job."

The attack that struck KQED highlights need for radio stations—and all businesses—to implement ransomware prevention and data protection strategies.

How it happened
The ransomware infection began to spread throughout the radio station's computer systems on June 15th. The station's email server stopped working shortly thereafter.

Station managers then took KQED's online broadcast offline while they investigated the attack. They discovered the ransomware as well as a digital ransom note demanding 1.7 Bitcoin (approx. $3,637) for each encrypted file. The ransomware infected tens of thousands of files, so paying the ransom was not an option.

To prevent the ransomware from spreading, they disconnected most internet-connected devices and urged employees not to turn on any machines running Microsoft Windows.

The ongoing outage has seriously disrupted the station's normal flow of daily business operations. Without web connectivity, broadcasters have no choice but to print and distribute scripts manually. They also need to time their segments using a stopwatch instead of using their web-connected content management system. They've also been forced to film many of their televised newscasts at a different location.

"We've basically been putting everything together with duct tape for a month," Marisa Lagos, who covers state politics for KQED, told the San Francisco Chronicle. "From an outside point of view, we really made it work. But what our listeners don’t know is that people have been doing really crazy things to make sure no one notices that anything is wrong."

How to prevent a ransomware attack
Email domain authentication technology could help businesses defend themselves against ransomware like the type that infected KQED. But organizations should also focus on ransomware prevention by training employees on how to avoid phishing email scams and strengthening their patch management procedures.

It's also important to back up critical data in case all else fails. With the right backup and recovery system in place, you'll never need to pay a ransom to cybercriminals.


David Bisson

David Bisson is an infosec news junkie and security journalist. He currently works as Contributing Editor for Graham Cluley Security News, Associate Editor for Tripwire's "The State of Security" blog, and Contributing Author to Metacompliance Ltd. and OASIS Open. David hopes his writing will help protect users against online threats, especially ransomware.

Related content