Detroit PBS Faces Major Cybersecurity Breach by Qilin Group
Incident Date: September 25, 2024
Overview
Victim: Detroit PBS
Attacker: Qilin
Location:
First Reported: September 25, 2024
Qilin Ransomware Group Targets Detroit PBS in Significant Cyber Attack
Detroit PBS, a prominent educational and cultural resource in the Detroit area, has fallen victim to a ransomware attack orchestrated by the Qilin group. The attack, discovered on September 24, resulted in the compromise of 573 GB of data, posing a significant threat to the station's operations and its role as a community-licensed public television station.
About Detroit PBS
Detroit PBS, officially known as Detroit Public Television, is a non-commercial public television station serving the Detroit metropolitan area. It is renowned for its diverse programming that emphasizes education, community engagement, and the arts. As Michigan’s only community-licensed public television station, Detroit PBS stands out for its strong community ties and commitment to transparency, as evidenced by its GuideStar Platinum Seal of Transparency. The station operates multiple channels and services, including the classical and jazz radio station WRCJ 90.9 FM, and reports an annual revenue of approximately $22.4 million, primarily from viewer support.
Details of the Ransomware Attack
The Qilin ransomware group, known for its sophisticated cyber attacks, claimed responsibility for the breach. The attackers reportedly exfiltrated a substantial amount of data, impacting Detroit PBS's ability to serve its audience effectively. The attack highlights vulnerabilities in the station's cybersecurity infrastructure, which may have been exploited through phishing emails or other common entry points used by ransomware groups.
Profile of the Qilin Ransomware Group
Qilin, also known as Agenda, operates under a Ransomware-as-a-Service model, providing affiliates with tools to conduct ransomware operations. The group has gained notoriety for its use of Rust-based malware, which enhances its evasion capabilities. Qilin employs a double extortion strategy, encrypting data and threatening to release it unless a ransom is paid. The group has targeted over 150 organizations across 25 countries, with a focus on sectors like healthcare and education.
Qilin's ability to penetrate systems is often attributed to its use of phishing emails and exploitation of network vulnerabilities. The group's dark web presence serves as a platform for extortion, where they post details about their victims to pressure them into compliance.