While some people are still fretting about WannaCry ransomware and possible variants of it, hackers are reportedly threatening to release Disney's upcoming Johnny Depp film if Disney doesn't pay a ransom.
Although Disney would not confirm that the stolen film is the fifth in the Pirates franchise, it doesn't intend to bow to extortion. The ransomed movie is Pirates of the Caribbean: Dead Men Tell No Tales, according to Deadline; it is scheduled to hit theaters on May 26.
News about the ransomed film came about during a town hall meeting in New York, when Disney CEO Bob Iger reportedly told ABC employees that the hackers are demanding "an enormous amount of money to be paid in bitcoin."
Citing industry sources, the Hollywood Reporter added that the hackers are threatening to release "five minutes of the film at first, and then in 20-minute chunks until their financial demands are met."
Neither how the hackers obtained the film, nor the "huge" bitcoin ransom has been reported, but Disney reportedly said it refuses to pay and is working with the FBI.
While it may have been a hoax last week when it was reported that "a work print of Star Wars: The Last Jedi had been pirated and was being held for ransom," the Hollywood Reporter noted that there have been "at least a half-dozen extortion attempts against Hollywood firms over the past six months alone."
At the end of April, "The Dark Overlord" hacking group tried to extort money from Netflix; the group uploaded the first episode of Orange Is the New Black and threatened to release more if Netflix didn't pay the ransom. The Dark Overlord then followed through with its threats by releasing 10 of 13 episodes from Season 5 when Netflix refused to cough up the ransom.
After dumping 10 new Orange episodes, the hackers called out others on their hit-list, including ABC, National Geographic, Fox and IFC. The Dark Overlord told Torrent Freak that it had obtained the episodes of Orange by gaining access to third-party production vendor Larson Studios back before Christmas 2016.
Even if the Disney-held-ransom reports are accurate, it's unclear how the new Disney film fell into the hands of hackers; some cybersecurity experts suggest it might be similar to what happened with Netflix: stolen via hacking a third party.
Hector Monsegur, Director of Security Assessments for Rhino Security Labs, told Deadline:
All these companies like Disney, Netflix and Discovery may have very good security teams but you have all these vendors and small production companies which don't have great security and probably don't have the budget to focus on their own security so hackers get in pretty easily. Remember back in the day when movies would leak online and they would go to a pirate bay? Now there has been a shift with the advent of ransomware so (these companies) are getting demands to pay for their own IP. Any studio is going to have a problem moving forward protecting their IPs.
Sign up for Computerworld eNewsletters.