Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

MasterChef, Big Brother Producer Hit By DoppelPaymer Ransomware

MasterChef, Big Brother Producer Hit By DoppelPaymer Ransomware

French multinational production and distribution firm Banijay Group SAS was hit earlier this month by a DoppelPaymer ransomware attack and had sensitive information stolen by the ransomware operators during the incident.

Yesterday, Banijay publicly confirmed a cyber incident that led to employee and commercially sensitive data potentially being compromised.

Banijay became one of the largest if no the largest international groups in the audiovisual content production and distribution market after acquiring Endemol Shine Group for $2.2 billion in July 2020.

The group is now home to more than 120 production companies across 22 territories and it is behind some of the biggest global entertainment brands including scripted and non-scripted content.

Banijay’s brand list includes MasterChef, Survivor, Big Brother, The Kardashians, Mr. Bean, Black Mirror, Extreme Makeover: Home Edition, and Deal or No Deal among many others.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Only Endemol networks affected in the attack

“Banijay is currently managing a cyber incident involving the pre-existing Endemol Shine Group and Endemol Shine International networks,” the group said.

“The business has reason to believe certain personal data of current and ex-employees may have been compromised, as well as commercially sensitive information.”

Banijay reported the incident to local authorities in the United Kingdom and the Netherlands, where the assets affected in the attack are located.

The French-based audiovisual production group has also hired third-party security experts to help with the attack investigation.

“The global group is currently investigating the situation with independent specialists, and to date, has reported the issue to the relevant local authorities in both the Netherlands and the UK – the territories affected by the incident,” Banijay added.

“We are continuing to take the appropriate steps and remain committed to protecting our employees, past and present, so if we do identify any cases of data being taken or misused, we will contact the affected individuals directly.”

DoppelPaymer claiming to be behind attack

While Banijay has only shared that they have suffered a cyber-attack and that some of their data might have been compromised, the DoppelPaymer ransomware gang is claiming to be responsible.

As proof of the their involvement in the attack, the DoppelPaymer operators have shared several documents presumably stolen from Banijay’s systems, a tactic adopted from Maze Ransomware starting with February 2020.

DoppelPaymer is also taunting the French production group by referencing GDPR compliance issues and leaking an internal GDPR compliance document, among others.

DoppelPaymer is a ransomware operation known for hitting enterprise targets since at least mid-June 2019 by gaining access to admin credentials and using them to deploy the ransomware payloads to all devices after compromising the entire network.

DoppelPaymer leak site

This ransomware gang is also known for asking large ransoms since they have been known to encrypt hundreds and even thousands of devices on their victims’ networks.

Also Read: Limiting Location Data Exposure: 8 Best Practices

For instance, in November 2019, Mexico’s state-owned oil company PEMEX was hit by DoppelPaymer and was asked to pay $4.9 million worth of bitcoins as a ransom.

DoppelPaymer got its name from BitPaymer (with which it’s sharing large portions of code) but the gang has also added numerous upgrades including a threaded encryption process for faster operation.

A Banijay spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Update: Added DoppelPaymer ransomware info and updated title.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us