Nine Entertainment’s broadcast and corporate business units were disrupted by a “cyber attack” early on Sunday morning, with the effects still being felt.
The company, which operates free-to-air stations such as Channel 9, confirmed the attack on Sunday evening, after earlier refusing to confirm or deny it had been hit.
The attack has taken down computer systems at Nine Sydney, which is located in North Sydney.
“Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units,” Nine’s director of people and culture Vanessa Morley said in an all-staff email.
“Publishing and radio systems continue to be operational.
“While our IT teams work through this issue, we ask that all employees, in all markets, work from home until further notice.”
The company said it had been able to put “several contingencies in place to ensure the NRL and our 6pm bulletins will proceed.”
Reuters reported that the company was trying to get its 6pm news bulletin done in Melbourne using a server that had not been compromised.
Earlier live broadcasts from Sydney were cancelled through the morning and replaced with either pre-recorded or interstate content.
Nine said its email systems did not appear to be impacted by the attack.
The Sydney Morning Herald, which is owned by Nine, reported the infection as “some kind of ransomware” attack, albeit using a malware strain and/or method not previously seen in Australia.
Sources told iTnews earlier in the day that the infection was believed to be ransomware and impacting several thousand machines, though a Nine spokesperson would not confirm or deny details through the day while investigations were ongoing.
It's not clear if all those machines are infected or were powered down to prevent the malware from spreading futher. It is understood at least part of the environment was powered down as a precautionary measure.
Ransomware researchers contacted by iTnews indicated they had not yet seen a group claim responsibility nor post a ransom demand.
iTnews understands the company has not received a ransom demand.
Investigators from the Australian Cyber Security Centre have been called in to investigate further and assist with the company's recovery efforts.
Gloss