DoppelPaymer Claims Attack on Banijay SAS-owned Endemol Shine Group

Paris-based Banijay SAS is a French multinational entertainment production and distribution group with over 120 audiovisual production companies in 22 countries. It is responsible for many popular reality TV series, game shows and other entertainment programs. Banijay publicly confirmed on November 26th that it had been the victim of a cyber attack which led to employee data and other sensitive files being potentially compromised.

“Banijay is currently managing a cyber incident involving the pre-existing Endemol Shine Group and Endemol Shine International networks.”

Endemol was acquired by Banijay for $2.2 billion in July 2020. Although the official statement by Banijay does not offer many details, the DoppelPaymer website was updated to claim responsibility for the incident. As per usual, DoppelPaymer also listed some files as “proof” that they stole data from Endemol Shine Group.

Analyst Notes

As ransomware threats continue to grow every day, all organizations should take precautions against this type of attack. To prevent data loss, it’s important to maintain offline, encrypted backups of data and to regularly test them. Backups should be taken at regular intervals to ensure minimal data loss if they are ever needed. Create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have sufficient monitoring of endpoints and network devices, with quick response from a Security Operations Center that operates 24 hours a day, every day. For more in-depth ransomware defense best practices and guidance on how to deal with a ransomware incident, see the CISA Ransomware Guide.