Some of the computer systems of Malaysian media group Media Prima Berhad have been locked and encrypted following a ransomware attack that started last Thursday, completely shutting down the company's email system.
According to The Edge Financial Daily's sources, the attackers demanded that Media Prima Berhad pay a ransom of 1,000 bitcoins, worth $5,820,000 at the time this article was written, at a value of $5,820 per bitcoin according to the Bitfinex cryptocurrency exchange.
Media Prima is a media group listed on Bursa Malaysia's main board. It operates national newspapers (New Straits Times, Harian Metro, and Berita Harian) that are part of the publisher The New Straits Times Press (Malaysia) Berhad, four radio stations (Fly FM, Koo FM, Hot FM, and One FM), as well as multiple free-to-air television stations (ntv7, 8TV, TV3, and TV9).
The Media Prima group also controls companies involved in the production and distribution of content, out-of-home advertising, and home shopping, making it Malaysia’s leading media company.
Media Prima's core operations were not hit by the ransomware attack
As reported by The Malaysian Insight, the only computing system affected by the ransomware attack was the company's email system, with other operations not being hit in the incident.
“The group wishes to state that at no time were our core business operations – broadcast, print, out-of-home advertising, content production and digital publishing – interrupted,” said Azlan Abdul Aziz, Media Prima's corporate communications general manager, in a statement sent to The Malaysian Insight.
There is no information regarding a possible data breach following the Media Prima Berhad ransomware incident, but given the way ransomware attacks work, there's a very slim chance the threat actors bothered to exfiltrate any data from the servers before locking them.
As reported by other sources cited by The Edge Markets, Media Prima decided not to pay the ransom asked by the crooks, instead choosing to migrate their email system to G Suite: "Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying."