Extortion hacks have completely rattled the entertainment industry
Chris Unthank, the director of digital systems for Larson Studios, was in a panic this past December.
The company he works for, a California-based postproduction studio, had apparently been hacked. Files containing the company’s work were being held hostage by a criminal known as TheDarkOverlord.
Among the property stolen was 10 episodes of the new season of Netflix’s show “Orange is the New Black.” Unthank found all of the studio’s data stolen and deleted, and the hackers demanded payment via bitcoin in exchange for the data’s safe return.
“Once I was able to look at our server, my hands started shaking, and I almost threw up,” Unthank told Variety in an interview.
TheDarkOverlord demanded 50 bitcoin, roughly $50,000, to not leak the unaired episodes of the Netflix series. After conferring with federal law enforcement, studio President Rick Larson and his wife and business partner Jill Larson negotiated with hackers and acquiesced to paying the ransom.
Nevertheless, the hackers decided to leak the stolen episodes onto the popular torrent website The Pirate Bay this past April.
In the digital age, this scheme has turned a basic form of extortion into a worthwhile endeavor for criminals. The scheme has had an unprecedentedly strong effect on media and entertainment companies — those working with music, movies, television and video games — in the form of intellectual property theft cases coupled with hacking and potent malware.
Whether it’s hijacked IP addresses or stolen data files, it’s easier to hold something hostage if it’s purely digital in nature. When this occurs at media companies, the fallout often turns messy, with tough decisions to be made by people outside of the IT shop.
“Unfortunately it is increasing, in not just the game space but across the board,” said James Gatto, partner at Sheppard, Mullin, Richter & Hampton LLP and co-team leader of the firm’s teams for the Digital Media Industry and Social Media and Games Industry teams.
Beyond the Larson Studios hack, there have been several other major extortion incidents this year. Earlier this month, files from the video game Cyberpunk 2077, were stolen and held for ransom. CD Projekt Red, the company which is producing the game, refused to negotiate.
TheDarkOverlord group has also leaked episodes from ABC Network’s new series “Steve Harvey’s Funderdome” as well as threatening to release many more.
Digital media companies are no different than any other sector when it comes to IT: Their entire operation is spread over a wide array of endpoints, and security has not been top of mind when it comes to protecting assets.
“There’s a lot of issues with teams working online now, there are just so many more access points for people to be able to get into code repositories,” said Matthew Cook, co-founder of Panopticon Laboratories. “All it takes is one insecure machine, and of course, with more and more people using contractors and people bringing in their own devices it’s harder and harder to secure the perimeter of the network.”
In the Larson Studios case, hackers came across a computer running Windows 7 and found their easy opening to break in, according to Variety.
Security companies are emerging to cater specifically to the media industry, while others are being approached by an unprecedented number of new media clients. Cook, an expert in online banking fraud, repurposed his past experience and founded Panopticon to help protect online video game publishers.
“I dont think its ever really going to go away,” said Cook. “I think it’s a very serious problem for the publishers.”
Ajay Arora, CEO of data security company Vera, told CyberScoop that the media industry lags far behind others in terms of cybersecurity. He believes that most media companies are seven to 10 years behind more secure sectors, such as the finance industry.
“Ever since the Sony Pictures hack, the interest level in media and entertainment companies has skyrocketed when it comes to cybersecurity,” Arora said. “To tell you the truth I’ve been in security for a long time and the two years since the [Sony Pictures] attack is the first time I’ve really ever seen media and entertainment companies engage in such a big and proactive way into dealing with cybersecurity issues,” he said.
Complicating these attacks are the associated legal ramifications. Unlike ransomware attacks that encrypt data and prevent users from accessing the files, these extortion hacks depend on companies believing that something has been stolen and whether or not to negotiate with criminals.
Gatto says that companies should refrain from engaging if presented with an extortion threat.
“The thinking is that by engaging and acceding to the demands, you just empower and embolden these groups to do more,” Gatto stated.
These problems arose earlier this year for The Walt Disney Co. after hackers claimed to have stolen “Pirates of the Caribbean: Dead Men Tell No Tales” ahead of its May 26 release date and threatened to leak it unless a ransom was paid.
It was later revealed the hack was a hoax and no property was actually stolen.
Additionally, holding hackers responsible and mitigating losses in the event of an actual theft can be impossible.
“There’s definitely insurance coverage for those types of losses. You can buy cyber insurance policies,” said Brian Finch, partner at Pillsbury Winthrop Shaw Pittman LLP and Co-Chair of the cybersecurity and global security practice groups. “The challenge at the end of the day with the theft of intellectual property is what the actual value of what was stolen. So calculating the damage is the hard part.”
Determining what the net worth of a leaked product, such as a videogame or film, is extremely difficult, since a lot of the returns on media depend on if a project reaches critical acclaim or becomes popular with the public.
Legal and technological professionals find that the best path for the media industry is updating their means of protection as malware attacks persist. According to Variety, Larson Studios spent six figures on new cybersecurity measures following the hack. Now, they encrypt data by default and store audio and visual files separately to further ensure protection.
“The best thing that companies can do is to do what they can to protect themselves,” said Gatto. “You don’t want to be in a situation where the only copy of a data file gets subject to a ransom attack and you’re not getting it back unless you pay money. If you have the right security measures in place and the right policies and procedures and you’re backing up data and storing them separately … you’re not going to be in a situation where you just don’t have access to the data you need.”