Cyber attack could cost Nine $1m, say security experts

A major cyberattack continues to cause havoc across the media company with news bulletins and publishing impacted.

2 min read

2:52PMMarch 29, 2021.

Updated 10:57PMMarch 29, 2021

The Australian Business Network

Nine’s headquarters in North Sydney Picture: Flavio Brancaleone

Nine Entertainment has spent a second day battling a cyber attack that continues to disrupt staff in the company’s television and print arms, almost derailing efforts to publish major metropolitan newspapers.

Nine chief executive Mike Sneesby, in a staff email late on Monday, described the cyber attack as “significant in scale with high potential to disrupt our business” and noted “a number of core systems remain offline”.

“We have also established a cross-business working group which is meeting regularly to concentrate on the priority of services to be restored,” he wrote.

In the update, Nine chief information officer Damian Cronan said the company had been hit by a “significant, sophisticated and complex cyber attack”.

“Our focus in the first 24 hours was on containment and we are confident our technology systems have isolated the attacker and the specific destructive activity that was initiated,” Mr Cronan wrote.

TV programs affected include regular news bulletins, while the attack has hampered the ability to publish The Australian Financial Review, The Sydney Morning Herald and The Age.

AFR editor Michael Stutchbury, in an email to subscribers, confirmed the impact of the ongoing cyber issues. He said staff had limited access to their production system and could not use new photographs or create graphics. Articles on its website have been made available without requiring a subscription.

Nine’s Melbourne newsreader Alicia Loxley confirmed on air that TV programs continued to be disrupted. “The majority of systems have been offline since the early hours of yesterday (Sunday) morning,” she said on Monday.

Dozens of staff from Nine’s headquarters in North Sydney have flown to the Melbourne studios to help produce the Today Show — which was unable to be aired on Sunday — as well as regular news bulletins.

The ransomware attack on Nine could cost the company more than $1m, depending on how long the outage lasts and if Nine is asked to pay a ransom, cybersecurity experts say.

All Nine employees were asked to perform security checks of their devices on Monday before starting work, with unknown files appearing on some employees’ desktops, sources at the company said.

Daniel Lai, chief executive of cyber security provider ArchTIS, said the attack would likely cost the network more than $1m, with significant recovery costs. “Now they will need to go back and clean the systems if they can.

“There’s going to be a huge data recovery exercise and a whole process of investigation or forensics that will go with it.

“Then there’s the cost of doing the movement of their operations from Sydney to Melbourne to continue to operate. All of these are enormous costs.”

He said Australia’s current cyber security strategy was falling short of current needs as cyber attacks continued to play out almost daily.

“We don’t know how the ransomware attack was executed, but the potential vulnerability of moving people in and out of working from home could mean there was less protection on some of those endpoints.”

Mr Lai said that the number of ransom attacks had grown significantly as hackers were able to easily work out how much a business could afford to pay and how much its data was worth.