DoppelPaymer Strikes Again This Time Hitting Top TV Show Producers

Endemol Shine Group, an Amsterdam-based TV show production company responsible for hits like Master Chef, The Voice, and Big Brother, was the victim of a ransomware attack by a notorious hacker gang dubbed DoppelPaymer. It it also the name of the type of ransomware used in the attack.

What Happened?

The hacker group publicly took credit for the heist by posting information on their victim leak website. After DoppelPaymer took control of Endemol systems, they harvested data and posted a sample on the dark web site to prove their intentions of leaking it all if the media giant did not pay up. 

Although there is not yet any word of how much data was stolen, Endemol’s parent company Banijay released a statement to the press saying “certain personal data of current and ex-employees may have been compromised, as well as commercially sensitive information.”

The notice says that the company is working closely with cybersecurity investigators and the authorities in both the Netherlands and the UK to resolve the issue. They reassured employees that if any of their information is misused (for example, with identity theft), they will “contact the affected individuals directly.”

They also provided an email address where interested parties can contact them and ask questions. They did not mention whether or not they intend to pay the ransom to take back control of their systems and avoid further data leaks. 

As reported on Forbes, “Banijay did not report what the attackers were seeking in ransom, but it’s likely to be a seven-figure amount. When DoppelPaymer hit Mexican state-owned oil group PEMEX last year, the demand was $4.9 million.”

Endemol was previously owned jointly by Disney and The Apollo Group, but Banijay purchased the company for $2.2 billion earlier this year. 

Who and What is DoppelPaymer?

Microsoft discovered and warned the public about a dangerous hacker gang named DopplePaymer last November. Not only is DoppelPaymer the name of the hacker gang, but it’s also a strain of ransomware the group uses to ensnare their victims, take control of systems, encrypt data, harvest sensitive information for leaks, and extort ransom. 

Some other victims of this prolific hacker gang include Newcastle University, NASA contractor Digital Management, Inc., Visser Precision, Denver-based aeronautics, and automotive parts manufacturer, and French communications provider Bretagne Télécom.

Fines May Also Be on the Horizon

Along with a steep ransom payment, Endemol may face hefty GDPR compliance fines on top of it. Google has faced GDPR violation fines twice this year alone ($7.9 million and $56.6 million). Other companies fined for not securing their systems well enough include Marriott and H&M. 

What is Ransomware and How You Can Avoid It

Ransomware is a type of malware hackers, and cybercriminals use to take over someone’s computer or network. More sophisticated versions of ransomware encrypt the owner’s data making it impossible to use or access while they are locked out. The perpetrator then demands a ransom to restore access. 

Typically when the ransom note appears, there are explicit instructions on how to pay the criminal so that they will restore the files. Depending on the hacker or group, the ransom may be only a few hundred dollars to millions. Usually, they demand payment in Bitcoin because it is untraceable. 

The most common way a computer gets infected with ransomware is through phishing attacks. Hackers send emails to thousands of victims hoping to get them to click a link, which then takes them to a malicious website and infects their system. Sometimes the email will specify you have to download an attachment or visit a specific website and log in. Hackers try to trick unsuspecting victims through various social engineering tactics to get them to let down their guard and provide logins or other secret information, allowing them to take over.

Once the hacker has access, all they have to do is initiate a script which then encrypts the entire hard drive so that the owner can no longer access anything. Then they display a ransom note and wait to get paid. Sometimes these criminals steal additional personal information for identity theft or to sell on the dark web.

Few things are as alarming as finding out your entire digital world is being held for ransom. However, there are things you can do to protect yourself against ransomware, and they are:

• Never click links in an email unless you are sure where it came from.
• Do not install software from untrusted sources or visit sites that you do not know.
• Be diligent in checking URLs before entering any login information.
• Keep your computer updated with the latest security patches.
• Install and run deep scans often using good antivirus/anti-malware software. 
• Keep good backups of all your data so that in the event you do become a victim, you can restore your entire system back to normal without paying a cent.