Netflix held to ransom after hacker steals new season of ‘Orange Is the New Black’

An anonymous hacker, or hacking group, has released the upcoming season of Orange Is the New Black to a pirate site after Netflix allegedly failed to respond to a ransom demand.

The first 10 episodes of season 5 were stolen during an attack on Larson Studios, an  audio post-production company, in late 2016. Given that Larson Studios is a third-party vendor, Netflix doesn’t have control over the studio’s cybersecurity, but it is ultimately responsible for protecting its own intellectual property.

In a brief statement to the media, Netflix said it was “aware of the situation” and that “the appropriate law enforcement authorities are involved.” However, the biggest statement the company made was in ignoring the ransom.

The attack was “destined to fail”

Victims of cyber ransoms are told time and again to not meet criminals’ demands. However much they value the stolen data, paying the ransom does not guarantee that the information will be returned, and doing so only makes them a target for repeated shakedowns.

In this case, the hacker, or hacking group, who uses the moniker TheDarkOverlord misjudged how Netflix would respond. After spotting a vulnerability in Larson’s security, TheDarkOverlord snuck in and grabbed the available episodes of Orange Is the New Black, Netflix’s most popular show. They then sent a message to Netflix threatening to post the episodes on torrent site The Pirate Bay unless, as Variety reports, they handed over 30 bitcoin (approximately $53,000).

When Netflix refused to respond, TheDarkOverlord wrote a follow-up message, which was posted by security blogger Graham Cluley. “It didn’t have to be this way, Netflix,” it reads. “You’re going to lose a lot more money in all of this than what our modest offer was.”

The problem is that Netflix probably won’t lose very much money at all.

Faced with TheDarkOverlord’s demands, Netflix evidently felt that having one of its products available on torrent sites wouldn’t be a disaster. Its decision may have been made easier by the fact that, even if audiences downloaded the 10 available episodes, they would still need Netflix subscriptions to watch the final three. If anything, the leaked episodes would encourage more people to subscribe to its service.

Given this, Cluley commented that he doubted that Netflix considers the leak “that big a deal.” Meanwhile, Wired said the plan “wasn’t worth even one cent to prevent” and was “destined to fail.”

The futility of the attack has led some to believe TheDarkOverlord never intended for the ransom to be paid, but instead performed the attack to gain publicity.

Preventing breaches with vsRisk

Although the immediate fallout of this breach will probably be limited, it will have no doubt inconvenienced both Netflix and Larson Studios. There’s also the fact that, given the attack on Larson was successful (even if the extortion of Netflix wasn’t), similar attacks are likely to happen in the future.

Production studios certainly aren’t the only new market for cyber criminals to ply their trade. More and more industries that were once seemingly under hackers’ radars must now pay attention to the threats they face and, in turn, address the vulnerabilities to their businesses.

If you’re concerned about your organization’s cybersecurity, you should get started now. One of the first things you’ll need to do is conduct a risk assessment. This can often feel like a daunting task, which is why we recommend the risk assessment tool vsRisk™. Fully compliant with ISO 27001, vsRisk helps you produce an information security risk assessment quickly and easily.

Find out more about vsRisk >>