GIF by Andrew Liszewski from Pirates of the Caribbean: Dead Man Tell No Tales (Disney)

It’s been a dizzying few days for news about hackers demanding ransom. It’s hard to tell which events are connected. But according to multiple reports, hackers are threatening to leak a major film owned by Disney, and sources tell Deadline that the movie is Pirates of the Caribbean: Dead Man Tell No Tales.




According to The Hollywood Reporter, Disney CEO Bob Iger informed employees at a town hall meeting on Monday that the company is working with federal investigators on the ransom case and that the “huge sum” will not be paid. Iger didn’t say what title could be potentially leaked, but with the new film in the Pirates franchise set for release on May 26th, it would be a very ripe target. According to the CEO, the perpetrators of the crime informed Disney that they would release the first five minutes of the film and continue to leak 20-minute chunks until the ransom is paid.


Rumors that a workprint of Star Wars: The Last Jedi had leaked made the rounds last week but that was ultimately deemed to be a hoax. Considering that film’s release is many months away and the fact that Disney would probably pay anything to stop it from being leaked, it’s safe to say that we’re not talking about Star Wars here.

Following the pirated release of most of the new episodes of Netflix’s Orange is the New Black, Disney should certainly be on edge. And considering how much of the box office gross for the last film in the series depended on foreign markets, a high-quality leak could surely hurt the film’s business around the world.

This latest hacking report comes in the midst of a global ransomware attack that has affected hundreds of thousands of victims in over 150 countries, inspired copycats, and ignited controversy over the US government’s cybersecurity policies.

In a related development, security researchers at Kaspersky Lab announced on Monday that they believe the initial ransomware attack that first began spreading on May 11th may be connected to the North Korean government. Kaspersky identified code in both an early variant of the WannaCry ransomware and code that has been attributed to the Lazarus Group. Most famously connected to the 2014 Sony hack, the Lazarus Group is believed to have at least worked for North Korea and has security firm Symantec has tied the group to a string of global bank heists. Symantec also posted about the connections between Lazarus and WannaCry today, but their report is more dubious about what the finding means.


There’s no indication that WannaCry and the Disney ransom are connected. Last month’s Netflix ransom was attributed to a hacker going by name TheDarkOverlord. The Pirates situation could be someone else altogether. What we do know is that hackers are suddenly demanding ransoms at an unprecedented rate.

[The Hollywood Reporter, Deadline, CyberScoop, SecureList]