For the last month, San Francisco’s KQED has been recovering from a massive ransomware attack, the station revealed today to The San Francisco Chronicle. The infection began on June 15th, but more than a month later, many crucial systems remain offline at the National Public Radio member-station.
“It’s like we’ve been bombed back to 20 years ago, technology-wise,” one senior editor told the Chronicle.
The initial damage from the attack was severe, locking hard drives, erasing prerecorded segments, and bringing down the station’s internal email server. The station’s online broadcast was offline for more than 12 hours, although the FM broadcast continued uninterrupted. The office Wi-Fi remained offline for several days.
As systems recover, the station has been forced to print and manually distribute scripts. Broadcasters have also returned to timing segments with a stopwatch, without a more intricate content management system to generate timestamps.
The ransomware was unusually expensive, demanding thousands of dollars for each encrypted file. As a result, the total decryption cost would have been tens of millions of dollars, far more than the station could afford. According to the station, no ransom was paid, and the office’s technical support staff have been left to work around the encrypted systems.
The attack does not seem to have been related to Petya, a broad-reaching attack that shut down corporate systems in Europe and elsewhere in the weeks that followed.