Update on the Sony hack-attack

As I said in a previous post, it certainly appears that Sony is in the midst of a serious IT problem.  Sony has been extremely quiet except to say that they have a “system disruption” that they are “working diligently to repair”.

The important question to ask is “If this happened to our company, how would we deal with it?”.  These ransomware attacks are fairly common and, unfortunately, the only real way to know that you have removed the attacker’s access is to rebuild your entire network from scratch – which may be what Sony is doing.  What this means is having TESTED backups, backup copies of configuration data (preferably offline), and a staff that has actually performed the rebuild process before the crisis.  You may also need additional hardware as the cops may still be messing with your hardware.  You also need to understand how long the rebuild will take.  All this should be part of your disaster recovery plan.

Business continuity insurance likely would help pay for the costs if you have that and if it covers cyber disruptions (it may not – you may have to purchase cyber liability insurance to get cyber business continuity coverage), but checking on all of this in advance would be smart.

In terms of getting the data back that the attackers took, that probably is impossible.

The reason Sony shut off their internet connections world wide and forced people to use pencil and paper when this first happened a week ago is that, assuming this was not an inside job and the attackers don’t have co-conspirators inside the company, this is the only way to stop the attackers from doing more damage.

Unfortunately for Sony, employees have resorted to using their personal smart phones and Gmail, with the attendant security issues that represents.  The likelihood of getting that genie back in the bottle varies from slim to none.

For a publicly traded company like Sony, they will have to disclose the cost of this – between lost intellectual property, lost productivity, outside consultants and staff time to restore or rebuild what they need to do, the cost is likely in the tens of millions of dollars.  Not to mention, on top of those costs are litigation costs (certainly there will be lawsuits) and judgements.

It is not clear if the attackers told them to keep their mouths shut or whether they foolishly think they can keep the bad news under wraps by stonewalling the media.  If it is the latter, it is not working.

The group, calling itself the #GOP (not sure if that play on words is intentional), is reported to have obtained ‘corporate secrets’  and would leak them if their demands were not met.  It is being reported by some outlets that among the property lost were digital copies of celebrity passports such as Angelina Jolie’s.  Some outlets are saying that the attack is using a common form of ransomware, where the contents of file systems are encrypted with the GOP, in this case, hanging on to the decryption keys until their demands are met.

Variety, the trade rag for the movie industry, reported that five Sony movies have been leaked.  Four of these movies have not even been released yet.  The titles that were leaked were Fury, Annie, Still Alive, Mr. Turner and To Write With Love On Her Arm.  Fury was downloaded by 888,000 unique IP addresses.  These movies were DVD quality reviewer copies and were watermarked, but my guess is that the hackers do not care.  It is not clear if these purloined movies are part of the corporate secrets that would be leaked.  Certainly, leaking DVD quality copies of new movies that have not even been released could hurt sales.

According to the New York Post, staffers at Sony are being forced to use pen and paper to complete their work assignments.  The Post is also reporting that Sony is investigating whether North Korea is behind the attack since they are supposedly upset about Sony’s upcoming movie “The Interview”.  The New York Times is reporting that Sony’s information technology experts told an in-house conference call they were “making inroads” against the attack and expected to be back online by Monday.  What, exactly, that means is totally unclear.

The Register.uk is reporting that bosses have told their teams that it may take three weeks to recover from the attack.  The Register displayed this picture in one of their reports:


All in all, this is another black eye for Sony which has had more than it’s share of hacks, a serious distraction for employees, a field day for the media,  millions of dollars in costs, likely lawsuits and probably more policies and procedures for employees to follow.