EXECUTIVE SUMMARY:

This past summer, CyberTalk.org featured a story on a ransomware attack that targeted KQED, a Bay Area radio and TV station. Just recently, the station provided a fascinating account of what happened behind the scenes, when the attack hit.

Events began to unfold on June 15, when employees from all over the company started reporting computer crashes. In response, the IT team shut down the network, to contain the issue. Phones, internet, and audio interviews were no longer available. Handwritten signs were plastered everywhere, to tell employees to keep off their computers.

Describing what it was like, KQED blogger Jon Brooks wrote, “Think of a really boring episode of ‘The Twilight Zone’—or better yet, ‘Black Mirror.’ Or getting stuck in an absurdist satire about human dependence on technology. Everyone had their particular breaking point, triggered by one Rube Goldbergian workaround or another.”

While the news team and related staff improvised to rig up a way to keep things running and on air, the IT team scrambled to address the attack. Quoting KQED’s CTO, Brooks reported that the station considered paying the ransom, but dropped the idea after the FBI outlined the risks. “They were: being seen as an easy mark; inclusion of code in the decryption key that would set the stage for future intrusions; and failure of the perps to keep their part of the bargain to set your data free.”

Read more about how the work culture and operations transformed as a result of the ransomware attack at KQED’s blog, Future of You.