Delaware, USA – December 26, 2019 – Over the past few months, Entercom has become the second time the target of a cyberattack: in September, the radio network suffered a ransomware attack and attackers demanded $500,000 for decrypting the files. As a result of that attack, the radio network lost about $1.4 million and spent another $2 million to secure against similar incidents in the future. Perhaps it was this decision that helped Entercom recover from an attack on Sunday, December 23, which caused a temporary outage of the systems. “Entercom has confirmed it suffered a disruption to its IT systems over the weekend and says the issues were largely resolved by Monday morning.” But the company didn’t share info on the specifics of the outage and any details about the attack. According to multiple reports, the cyberattack affected email servers and disrupted access to files and content for the Entercom’s digital platforms.
Recent research shows that in 2019, the number of organizations purchasing decryptor to speed up the recovery is almost doubled, and attackers are looking for ways to keep this number growing. So the threat actor behind Maze ransomware steals as much of the sensitive information as possible before encrypting the organization’s systems and discloses it if the organization decides to restore the systems on its own. This week, attackers released 2GB of the 32GB of files that they stole from the City of Pensacola earlier this month demanding a $1 million ransom payment. You can use the Ransomware Hunter rule pack that leverages statistical profiling and behavioral analysis methods to spot signs of ransomware at every stage of Cyber Kill Chain: https://my.socprime.com/en/integrations/ransomware-hunter