{
	"id": "0d2549e6-f791-4e28-94bd-93efafa4861c",
	"created_at": "2026-04-06T00:22:38.7211Z",
	"updated_at": "2026-04-10T13:12:07.61807Z",
	"deleted_at": null,
	"sha1_hash": "b804e0487c27078bf1f1ec1c588f5e460727d3af",
	"title": "Nine Entertainment warns ransomware recovery 'will take time'",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57087,
	"plain_text": "Nine Entertainment warns ransomware recovery 'will take time'\r\nBy Ry Crozier\r\nPublished: 2021-03-29 · Archived: 2026-04-05 14:35:36 UTC\r\nNine Entertainment warned Monday night that it would be some time before it could fully restore core systems\r\nand connectivity following a ransomware infection over the weekend.\r\nChief information and technology officer Damian Cronan said in a letter to staff that 9Technology - the company’s\r\nIT organisation - had contained the attack, mostly by isolating the company's corporate network from the rest of\r\nthe group’s operations.\r\nNews of containment came after a report by The Australian Financial Review - which is owned by Nine - that\r\npinned the infection on the MedusaLocker ransomware.\r\nMedusaLocker first appeared in 2019 and attempts to establish persistence in targeted environments while also\r\ndeleting any backups that it finds.\r\nCisco Talos Intelligence Group researchers said last year that MedusaLocker had several features not found in\r\nother malware variants, including the ability to “encrypt the contents of mapped network drives”, “force network\r\ndrives to be remapped so that their contents can also be encrypted”, and “profile the network to identify other\r\nsystems that can be used to maximise the likelihood of a ransom payment.”\r\nNine has not officially confirmed whether MedusaLocker is the type of malware that was involved.\r\nhttps://www.itnews.com.au/news/nine-entertainment-warns-ransomware-recovery-will-take-time-562755\r\nPage 1 of 2\n\nCronan called the attack “significant, sophisticated and complex”.\r\nThe company has previously suggested it has not received a ransom demand, and security researchers are yet to\r\nsee a public claim of the attack.\r\nNine CEO Mike Sneesby said that “a number of core systems remain offline”; Cronan added that connectivity\r\nbetween different business units, geographies and external partners had been disabled to prevent further spread of\r\nthe malware.\r\nStaff across Nine have been asked to “run a diagnostic on [their] laptop to ensure [the company has] isolated any\r\ninfected workstreams.”\r\nCronan said the company is confident it has been able to “isolate the attacker and the specific destructive activity\r\nthat was initiated.”\r\nHe did not say how bad the damage is, but sources told iTnews yesterday that potentially thousands of machines\r\nwere impacted, either directly through infection or indirectly by being switched off.\r\n“The consequence of this containment strategy is that our corporate network has been disconnected from the\r\ninternet, and all internal networks separated from one another (e.g. broadcast from publishing, Sydney from\r\nMelbourne etc),” Cronan said in an email to staff.\r\n“Other upstream and downstream providers have also been disconnected. \r\n“This has been an effective strategy however, it also means several services that are dependent on the corporate\r\nnetwork are not available. \r\n“This will have a significant impact on business-as-usual processes across the organisation.”\r\nCronan said that 9Technology is working to recover its most critical aspects of service delivery as a priority.\r\nThese include “on-air and print operations, revenue-driven services, and other critical business services.”\r\nCronan warned that full recovery from the infection may not be quick.\r\n“We will be carefully assessing how we bring back controlled levels of connectivity into the network with an\r\nemphasis on service restoration,” Cronan said.\r\n“I want to be clear it will take time before all our systems are back up and running.”\r\nSource: https://www.itnews.com.au/news/nine-entertainment-warns-ransomware-recovery-will-take-time-562755\r\nhttps://www.itnews.com.au/news/nine-entertainment-warns-ransomware-recovery-will-take-time-562755\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.itnews.com.au/news/nine-entertainment-warns-ransomware-recovery-will-take-time-562755"
	],
	"report_names": [
		"nine-entertainment-warns-ransomware-recovery-will-take-time-562755"
	],
	"threat_actors": [],
	"ts_created_at": 1775434958,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b804e0487c27078bf1f1ec1c588f5e460727d3af.pdf",
		"text": "https://archive.orkl.eu/b804e0487c27078bf1f1ec1c588f5e460727d3af.txt",
		"img": "https://archive.orkl.eu/b804e0487c27078bf1f1ec1c588f5e460727d3af.jpg"
	}
}