Danish News Agency Ritzau Refuses To Pay After Ransomware Attack

Ritzau, the largest independent news agency in Denmark founded in 1866 by Erik Ritzau, said in a statement that it will not pay the ransom demanded by a ransomware gang that hit its network on Tuesday morning.

The Danish news agency audience includes 10 million radio listeners, 8 million TV viewers, 3 million newspaper readers, and 15 million readers via digital news sources according to stats 0provided by Gallup and the Dansk Online Index during 2015 and 2016.

“The hackers attacked Ritzau early Tuesday morning, and the news agency has thus been hit for more than a day,” the news agency said in a statement. “The attack has meant that the editorial systems have been shut down.”

“The news agency, which delivers news to virtually all major media in Denmark, cannot broadcast news in the normal way. Instead, an emergency system is used where the news is broadcast to the country’s media in another way.”

Also Read: Thinking of Shredding or Burning Paper? Here’s What You Should Know

Ransom amount unknown

Ritzau will not pay the ransom demanded by the threat actors behind the ransomware attack that hit the news agency’s network said CEO Lars Vesterløkke.

While the ransomware group who successfully encrypted Ritzau’s systems is not yet known, Vesterløkke described the attack as “very professional” according to a statement published today.

“The Ritzau news agency was subjected to an extensive hacker attack on Tuesday, and the hackers have subsequently demanded a ransom to release data,” Vesterløkke said. “Ritzau has refused to pay money to the hackers.”

Even though the attackers left a ransom note on Ritzau’s encrypted computers, the news agency did not follow the instructions needed to gain access to more details regarding the demanded ransom amount for a decryptor.

“They left a file with a message with more details, but we chose not to open it after guidance from our advisers,” Vesterløkke added.

Full recovery expected on Thursday

During the attack, the ransomware group was able to compromise and encrypt roughly one-quarter of out of over 100 servers on Ritzau’s network.

Ritzau’s IT department is now working on restoring all affected computers and bringing them back online.

The news agency is also helped by specialists provided by its insurance company and has also hired an external security company specialized in analyzing and mitigating such attacks.

The news agency expects to resume normal operations within 24 hours, switching from the emergency distribution system that uses six live blogs to its usual news release channels as soon as possible.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

“The technical breakdown means that we can not broadcast news as usual via the news service,” the news agency’s statement adds. “We expect to be operational by Thursday at the earliest.”