BlackMatter Knocks Marketron Off the AirRansomware Gang's Second Attack in 3 Days Affects 6,000 Broadcasters
Marketron Broadcast Solutions was hit over the weekend by a ransomware attack launched by the BlackMatter gang, and the attack has taken down a number of the marketing firm's products.
In a letter to Marketron customers tweeted by radio station KPAY news announcer Matt Ray, Marketron CEO Jim Howard said his firm is currently in contact with BlackMatter and the FBI. Howard did not mention a ransom amount or any additional threats made by the attacker.
"With the assistance of third-party specialists, we are working diligently to identify the full nature and scope of the event, including what, if any, impact there may be to customer data. We continue to investigate, and we will provide additional information as it becomes available," Bo Bandy, Marketron's vice president of growth marketing, said in a statement.
The company does not know how BlackMatter gained entry or what information the attacker may have compromised. The company says any credit card information its customers have shared through its PayNow service is not affected because it is handled through a third-party card processor and is not maintained on Marketron's servers.
The attack directly affects the company's 6,000 media industry customers, with most of the services offered still offline as of Tuesday. The company currently does not have a time frame for restoring services, Bandy said.
"The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects," says Ron Bradley, vice president of the third-party risk management firm Shared Assessments.
Marketron is a provider of enterprise revenue and management solutions for the media industry. The company's customer base is in the radio and television space and it manages $5 billion in annual advertising revenue, the company says.
BlackMatter has been involved in several recent high-profile attacks, including one launched Friday that affected the farmer's cooperative NEW Cooperative. The gang is demanding $5.9 million from that firm.
BlackMatter is believed to be a reincarnation of the defunct DarkSide ransomware gang, which targeted Colonial Pipeline Co. in May and disrupted fuel deliveries along the U.S. East Coast.
The Damage Done
Marketron attempted to assure its customers that the attack is limited to its own system, which is segregated from their infrastructure.
"Please consult with your own IT department as to any steps that may be taken to best protect your own systems," Bandy says.
Marketron lists eight of its services that are offline due to the attack. Five other services are still operating.
The affected products include:
- Marketron Traffic;
- Visual Traffic Cloud;
- Marketron Electronic Services for all traffic clients, including Electronic Orders and Invoices, Network Connect, Proof of Performance and PayNow;
- Advertiser Portal;
- Traffic Portal;
- Marketron Learning Center.
"With the assistance of third-party specialists, we are working diligently to identify the full nature and scope of the event including what, if any, impact there may be to customer data," says Bandy. "We continue to investigate, and we will provide additional information as it becomes available."
Security in Place
Howard in his letter told customers that Marketron had recently made significant investments in "separating backup and disaster recovery in different physical and network environments, instituting zero trust access management policies and new security detection and recovery tools."