Cybercrime's rampant growth means no one is safe from attacks. Hollywood fell victim to hackers who stole, held to ransom and eventually leaked unreleased Netflix content in April. Now, Larson Studios, which was at the heart of the attack, has broken its silence on the matter. The studio reportedly said that it paid the hackers over $50,000 in Bitcoins only to see the attackers eventually leak unreleased content, including 10 episodes of the latest Orange is the New Black series.
The Netflix hack made headlines as the hacker/hacker group responsible, going by pseudonym The Dark Overlord (TDO), claimed to have stolen over 30 other movies and TV shows. Larson Studios reportedly made 19 Bitcoin transactions to the TDO hacker group. However, the studio didn't immediately heed the hackers' ransom demands, instead taking some time to figure out how to respond.
"We took a large part of January trying to figure out what exactly they had," Jill Larson told Vareity, adding that the studio extensively communicated with the hackers via email. "Before we were willing to pay any kind of extortion, we wanted some proof."
"The Dark Overlord had given us a very short window to respond. They were threatening us with actually releasing Orange Is the New Black before New Year's. So the feeling was that we needed to at least initially agree to cooperate and buy time," Jill Larson added.
How did the hack happen?
According to Larson studios, the attack was not targeted. The TDO hackers were allegedly scanning the internet for PCs running older Windows versions to launch attacks and happened to luck out and hit the jackpot by discovering an old computer at Larson Studios still running on Windows 7.
"They were basically just trolling around to see if they could find a computer that they could open," Larson Studios chief engineer David Dondorf said. "It wasn't aimed at us."
However, TDO made most of the opportunity, even going as far as to threaten Larson Studios with potential leaks in the event that they inform any news agency or law enforcement authorities about the attack. "We were very much under a heavy threat from the Dark Overlord," said Jill Larson. "One of the agreements was: You don't tell anybody that this happened, we won't tell anybody this happened."
Why did TDO leak despite ransom payment?
Despite Larson Studios keeping quiet about the attack and also meeting TDO's ransom payment, the hackers leaked stolen content. Why did this happen? TDO allegedly said that they leaked content in retaliation for the studio contacting the FBI.
"Don't trust hackers," said Rick Larson, president of the firm. "With the information that we had, we made the best decisions we could make at the time," he explained. "Those would not be the decisions that we would make now. They may have been a mistake, and for that, we are humbly sorry."
"A lot of what went on was ignorance," Rick Larson added. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now."