Today's Forecast: Cloudy With a Chance of Malware
Program on The Weather Channel Knocked Off Air by Malware for 90 Minutes
For about 90 minutes Thursday morning, the broadcast of The Weather Channel's signature early show, "AMHQ," was shut down by what the company called "a malicious software attack."
The Weather Channel was forced to run pre-recorded programming from about 6 a.m. to 7:40 a.m. EDT, CNN reports. Afterward, the channel sent a tweet explaining what happened:
"We were able to restore live programming quickly through backup mechanisms," the tweet notes.
A spokesperson for the channel declined to elaborate on the details of the attack, including the type of malware. So it's not clear whether ransomware was involved.
Not that anyone is actually watching the Weather Channel today, but it has apparently been knocked off air by a 'malicious software attack'. What's the betting it's ransomware? https://t.co/IAc8D7KbFE
— Graham Cluley (@gcluley) April 18, 2019
Value of Backups
Over the last several years, security companies have emphasized using back-up and recovery systems as a way to restore networks after ransomware and other attacks, as The Weather Channel apparently did.
In a recent ransomware attack against a local government in Georgia, the target apparently did not have the proper back-up systems in place and ended up paying about $400,000 in ransom to recover encrypted data (see: Georgia County Pays $400,000 to Ransomware Attackers).
While not many details are known, the fact that the back-up and recovery systems worked was key to a fast recovery, says Joseph Carson, chief security scientist at Thycotic, a Washington-based security firm. He adds that other companies should take note if ransomware was used.
"It will be interesting to see if this attack is related to the most recent string of malicious malware impacting other global organizations such as the 'LockerGoga' that impacted Norsk Hydro several weeks ago causing more than over $40 million so far and still several systems are under manual control week following the incident," Carson says.
Over the past several years, various television broadcasters have been faced with malware attacks that have forced them to go dark or interfered with the daily programming.
In 2017, for instance, an attack shut down French broadcaster TV5Monde. The attackers took advantage of the broadcaster's Active Directory system and created their own admin-level credentials that allowed them to gain access to routers, switchers and other parts of the internal network, according to news reports.