{
	"id": "afd1e78e-db2c-4980-8d93-f5d9bd9b1fb0",
	"created_at": "2026-04-06T00:17:41.303048Z",
	"updated_at": "2026-04-10T03:21:00.582773Z",
	"deleted_at": null,
	"sha1_hash": "808eccefd3433928ac58b4334d0a5c3983038294",
	"title": "MasterChef, Big Brother producer hit by DoppelPaymer ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1873106,
	"plain_text": "MasterChef, Big Brother producer hit by DoppelPaymer ransomware\r\nBy Sergiu Gatlan\r\nPublished: 2020-11-27 · Archived: 2026-04-05 23:45:47 UTC\r\nFrench multinational production and distribution firm Banijay Group SAS was hit earlier this month by a DoppelPaymer\r\nransomware attack and had sensitive information stolen by the ransomware operators during the incident.\r\nYesterday, Banijay publicly confirmed a cyber incident that led to employee and commercially sensitive data potentially\r\nbeing compromised.\r\nBanijay became one of the largest if no the largest international groups in the audiovisual content production and\r\ndistribution market after acquiring Endemol Shine Group for $2.2 billion in July 2020.\r\nhttps://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nThe group is now home to more than 120 production companies across 22 territories and it is behind some of the biggest\r\nglobal entertainment brands including scripted and non-scripted content.\r\nBanijay's brand list includes MasterChef, Survivor, Big Brother, The Kardashians, Mr. Bean, Black Mirror, Extreme\r\nMakeover: Home Edition, and Deal or No Deal among many others.\r\nOnly Endemol networks affected in the attack\r\n\"Banijay is currently managing a cyber incident involving the pre-existing Endemol Shine Group and Endemol Shine\r\nInternational networks,\" the group said.\r\n\"The business has reason to believe certain personal data of current and ex-employees may have been compromised, as well\r\nas commercially sensitive information.\"\r\nBanijay reported the incident to local authorities in the United Kingdom and the Netherlands, where the assets affected in\r\nthe attack are located.\r\nThe French-based audiovisual production group has also hired third-party security experts to help with the attack\r\ninvestigation.\r\n\"The global group is currently investigating the situation with independent specialists, and to date, has reported the issue to\r\nthe relevant local authorities in both the Netherlands and the UK – the territories affected by the incident,\" Banijay added.\r\n\"We are continuing to take the appropriate steps and remain committed to protecting our employees, past and present, so if\r\nwe do identify any cases of data being taken or misused, we will contact the affected individuals directly.\"\r\nDoppelPaymer claiming to be behind attack\r\nWhile Banijay has only shared that they have suffered a cyber-attack and that some of their data might have been\r\ncompromised, the DoppelPaymer ransomware gang is claiming to be responsible.\r\nAs proof of the their involvement in the attack, the DoppelPaymer operators have shared several documents presumably\r\nstolen from Banijay's systems, a tactic adopted from Maze Ransomware starting with February 2020.\r\nDoppelPaymer is also taunting the French production group by referencing GDPR compliance issues and leaking an internal\r\nGDPR compliance document, among others.\r\nDoppelPaymer is a ransomware operation known for hitting enterprise targets since at least mid-June 2019 by gaining access\r\nto admin credentials and using them to deploy the ransomware payloads to all devices after compromising the entire\r\nnetwork.\r\nhttps://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/\r\nPage 3 of 5\n\nThis ransomware gang is also known for asking large ransoms since they have been known to encrypt hundreds and even\r\nthousands of devices on their victims' networks.\r\nFor instance, in November 2019, Mexico's state-owned oil company PEMEX was hit by DoppelPaymer and was asked to\r\npay $4.9 million worth of bitcoins as a ransom.\r\nDoppelPaymer got its name from BitPaymer (with which it's sharing large portions of code) but the gang has also added\r\nnumerous upgrades including a threaded encryption process for faster operation.\r\nA Banijay spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.\r\nUpdate 1: Added DoppelPaymer ransomware info and updated title.\r\nUpdate 2: A Banijay spokesperson said that the incident is still under investigation.\r\nThe pre-existing Endemol Shine Group network, which also comprises Endemol Shine International, has been\r\ntargeted in a cyber-attack. We are currently investigating the matter and at this stage have no further comment.\r\nhttps://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/"
	],
	"report_names": [
		"masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434661,
	"ts_updated_at": 1775791260,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/808eccefd3433928ac58b4334d0a5c3983038294.pdf",
		"text": "https://archive.orkl.eu/808eccefd3433928ac58b4334d0a5c3983038294.txt",
		"img": "https://archive.orkl.eu/808eccefd3433928ac58b4334d0a5c3983038294.jpg"
	}
}