Sony Pulls $40 Million Movie After Cyber Attack

Written by

Sony Pictures Entertainment has taken another multi-million dollar hit after pulling controversial comedy film The Interview following the decision by several major North American cinema chains not to screen it.

Regal Cinemas, AMC Entertainment and Cinemark Theatre – the three biggest distributors in the US – as well as several Canadian cinema companies announced they would be “postponing” viewings, effectively forcing Sony’s hand.

The National Association of Theatre Owners, representing over 32,000 screens, had the following statement:

“We are encouraged that the authorities have made progress in their investigation and we look forward to the time when the responsible criminals are apprehended. Until that happens, individual cinema operators may decide to delay exhibition of the movie so that our guests may enjoy a safe holiday movie season experiencing the many other exciting films we have to offer.”

Sony said it was “deeply saddened at this brazen effort to suppress the distribution of a movie.”

"In light of the decision by the majority of our exhibitors not to show the film The Interview, we have decided not to move forward with the planned December 25 theatrical release," it added in a statement.

The film is said to have cost over $40 million to make.

It’s thought that the movie, starring Seth Rogan and James Franco, may have indirectly been responsible for the destructive information-stealing cyber attack on Sony last month.

Hackers calling themselves ‘the Guardians of Peace’ claimed responsibility for the attack, which wiped hard drives and forced a shut down of the entire corporate network.

Sensitive information, including the phone numbers of A-list movie stars and even the script of the new James Bond film, was subsequently leaked online.

That same group earlier this week threatened to terrorize cinema-goers choosing to watch the film.

“Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time,” it warned in an online note on Tuesday.

Although the self-styled moniker of the attackers indicates a hacktivist group, it has been suggested that the attack may have been sponsored by the North Korean government, which is lampooned in the movie.

Pyongyang threatened a “resolute and merciless” response if the film was released. In addition,  Destover, the malware which has been linked to the attack, shares C&C infrastructure with other malicious code specifically crafted in the past to attack South Korea, according to Symantec.

Brendan Rizzo, EMEA technical director at Voltage Security, argued that the attack blurs the line between state-sponsored attack and cyber protest.

"If attackers gain an upper hand and are able to wreak damage on companies at will without being traced, and if these attacks are able to achieve at least some of their objectives, then this could be a harbinger of an escalation in these types of attacks still to come," he added. 

"That is why it is so important that companies give their utmost attention to protecting their sensitive customer, employee, and company data in a best-practice data-centric manner to shield themselves from any such attacks."

What’s hot on Infosecurity Magazine?