In an interview with Variety, Larson Studios president Rick Larson and his wife and business partner, Jill Larson, said they received two short text messages to their personal mobile phones two days before Christmas last year, but ignored them as they did not recognise the number from which they had been sent.
A second message to both Larsons on Christmas Eve told them to check their email for a message that would "change their lives". This proved to be true, with the email, which arrived a day later, telling them that the group had broken into their server and threatening to reveal all their data.
The Larsons said they had called in the studio's chief engineer David Dondorf and director of digital systems Chris Unthank who confirmed that all their data had disappeared. The thieves had left a note asking for a ransom in Bitcoin if they wanted the data to be returned.
The experts were able to determine that the Dark Overlord had been scanning the studio network for machines that were running older versions of Windows. They found their entry point in a Windows 7 machine.
After improving the security of the network, the process of ascertaining what had been stolen began. The Larsons did not immediately decide to pay the ransom, but had only a short window to respond as the hackers were threatening to release season five of Orange Is the New Black before New Year.
When the hackers delivered proof of what they had taken — including titles from Netflix, ABC, CBS and Disney — the Larsons decided to pay and simultaneously file a police complaint.
Even though they paid, they did not receive the material back.
At the end of March, the FBI informed the Larsons that the hackers were using the stolen material to try and blackmail various Hollywood studios. The Larsons had yet to inform any of the studios of the theft.
In April, the hackers leaked one episode of Orange Is the New Black and when Netflix did not pay up, nine more episodes were released about 45 days before they were to be broadcast.
Larson Studios now keeps digital audio and video files separate. Data which is taken out is encrypted by default, networks are separated and on-premise PCs are locked down.
Photo: courtesy Netflix.