Cyber Incident Victim: ABC News
Date: Oct 2014
Location: Australia
Summary
ABC News 24 experienced a broadcast disruption lasting approximately half an hour, forcing a switch to standby programming due to a ransomware attack targeting its primary server. The incident stemmed from a widespread phishing campaign distributing CryptoLocker-like malware that encrypted employee workstations, requiring decryption efforts by the security team to restore operations. Similar attacks affected multiple Australian organizations, with threat actors using deceptive emails impersonating local entities to deliver malicious payloads via compromised links, leading to system lockdowns and ransom demands.
Description
On October 7, 2014, Australia’s ABC News 24 experienced a ransomware attack that disrupted its live broadcasting operations between approximately 9:30 AM and 10:00 AM. The incident forced the network to air standby programming during this half-hour window before resuming regular broadcasts from its Melbourne studio. ABC attributed the outage to an IT security issue affecting its primary broadcasting systems, specifically citing a ransomware infection on employee workstations. The malware, identified as part of the CryptoLocker family, infiltrated systems through a phishing campaign targeting ABC staff. Attackers distributed emails disguised as legitimate communications from Australian companies, which contained malicious links directing recipients to cloned phishing websites. Employees who downloaded and executed a zip file from these sites inadvertently deployed ransomware that encrypted critical files and systems.

The encryption rendered ABC News 24 temporarily unable to broadcast live content until the organization’s security team successfully decrypted the affected systems. While the incident lasted approximately 30 minutes, it occurred amid a broader surge in CryptoLocker-style attacks across Australia, with major corporations like Telstra and Energy Australia reporting similar phishing campaigns. Symantec noted a 1,300% increase in such ransomware incidents in Australia during this period, attributing the spread to socially engineered emails mimicking local postal services, energy suppliers, and other trusted entities. The attack on ABC aligned with global trends targeting media organizations, including documented cases affecting Hindustan Times and Israeli sports site one.co.il. No ransom payment details or specific financial impacts were disclosed by ABC, though the disruption demonstrated operational vulnerabilities to phishing and file-encrypting malware.
