The British company that owns the rights to Paddington Bear has reportedly been hacked by a ransomware gang. The gang is now threatening to release sensitive information about the company that represents the lovable children’s book character.
The Sun reports that the Rhysida ransomware group, which allegedly operates from Russia, has claimed responsibility for the attack and is now goading the well-known talent agency, simply called The Agency, to pay it lest data be released. The company has refused to pay, the newspaper writes.
The Sun cites a letter that was circulated internally at The Agency, which represents the estate of Michael Bond, who created the lovable bear character. “Last week The Agency was subject to a ransomware attack by a criminal cyber group,” the letter said. “They claim to have stolen data they will publish if not paid a ransom. We have taken measures to ensure the security of our systems and continue to closely monitor them as a priority.”
The Sun notes that another internal email warned there is a “reasonable chance” the ransomware gang would make good on its threat to release files. “Unfortunately, this does include some of your data,” the message read.
Gizmodo reached out to The Agency for comment and will update this story if it responds.
It’s unclear what kind of data the hackers could really release about a fictional bear (it’s not exactly like he could be involved in a sex scandal or something) or its creator, but it’s unfortunate nonetheless. Free Paddington, I say. Let the bear go free. That said, it’s not clear that the hackers have singled out the bear or his author—and it isn’t clear yet what kind of data the gang intends to leak.
A previous brief on the Rhysida ransomware group from CISA, America’s cyber defense agency, states that the group is prone to engage “in ‘double extortion’—demanding a ransom payment to decrypt victim data and threatening to publish the sensitive exfiltrated data unless the ransom is paid.” It adds that Rhysida actors “direct victims to send ransom payments in Bitcoin to cryptocurrency wallet addresses provided by the threat actors.”
Ransomware gangs haven’t been in the news as much as they used to be, but the cybercriminal industry has continued to pillage targets all over the world. The U.S. Justice Department under the Biden administration notably stepped up operations aimed at disrupting the ransomware ecosystem, though—like any criminal underworld—it is difficult to definitively stop any sort of criminal activity.