Cyber Incident Victim: Florida Studio Theatre
Date:
Feb 2021
Location:
United States of America
Summary
Florida Studio Theatre experienced a ransomware attack that disrupted its business operations by shutting down its network, prompting an immediate response. The incident compromised some internal office files, though no evidence indicated unauthorized access to patron information or credit card data. The DoppelPaymer group claimed responsibility and listed the organization on their leak site, but their published proof included unrelated files alongside one relevant sample, raising questions about the validity or nature of the data breach. Business recovery efforts were underway following the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 12, 2021, Florida Studio Theatre experienced a ransomware attack that disrupted its business systems during Valentine’s Day weekend. The attack compromised internal office files and forced an immediate network shutdown, halting normal operations. Managing Director Rebecca Hopkins confirmed the theatre reacted swiftly to contain the incident but emphasized the primary impact was severe business interruption. Initial investigations revealed no evidence that patron information or credit card data was accessed or exfiltrated. The attack paralyzed administrative functions, requiring intensive recovery efforts to restore systems. By February 24, the DoppelPaymer ransomware group listed FST on its dedicated leak site, claiming responsibility and threatening to release stolen data. The group published sample files purportedly extracted from FST’s network as proof of their access.
Analysis of the leaked samples revealed inconsistencies, as only one file appeared relevant to FST while others were unrelated. This anomaly raised questions about whether the theatre stored extraneous data or if the attackers misrepresented their access. DataBreaches.net contacted FST for clarification regarding the discrepancies but received no public response by the time of their February 26 report. The theatre’s recovery process remained ongoing, focusing on restoring business continuity and securing systems against further compromise. No additional operational or financial consequences were disclosed beyond the initial disruption and data exposure uncertainties.