An independent cinema chain that programs arthouse films and community events has halted screenings in Portland and Indianapolis after a cyberattack paralyzed its technology backbone.
Executives called the incident “cruel” and said by email that staff believed ransomware was involved, which has led to core systems being locked and the website going down. Store, ticket processing, and screening management systems are not available — doors are closed and refunds are on hold until infrastructure can be reinstated.
What Happened at the Portland and Indianapolis Theaters
Living Room Theaters said an unspecified perpetrator targeted vital systems, causing service to be abruptly stopped at both establishments. Arriving for scheduled showtimes, moviegoers found closure notices, and social posts by employees pointed toward widespread file encryption — the hallmarks of a ransomware event. The chain said it plans to honor all unused tickets once its payments and refund systems are working again.
The company is working with federal authorities and incident-response experts to evaluate and mitigate the damage. Leadership said they are in touch with the FBI’s Portland office and working with the Cybersecurity and Infrastructure Security Agency — a common step for organizations that need to contain threats, repair services, or mitigate potential data exposure.
Why a Movie Theater? It’s a Tempting Target
Modern theaters are deeply digital. In addition to online ticketing and payment kiosks, they rely on theater management systems (TMS) to program showtimes, turn auditorium lights and sound on or off, and ingest the encrypted digital cinema packages that contain films. KDMs are time-sensitive and locked to their particular server, so if domain controllers go down, server rooms experience failures, or scheduling systems become blocked or corrupted by malicious software, staff can’t start shows, even though a projector might technically power on.
Such close-knit ties make smaller amusement operators targets for extortionists. Attackers are increasingly targeting mid-market and smaller businesses, says Coveware, which negotiates ransomware attacks, because they’re easier to disrupt and may pay lower ransoms more often. For a cinema, downtime also impacts concessions, loyalty programs, payroll, and vendor ordering — compounding the operational headaches.
Independent Theaters Have a Lot at Stake During Closures
Independent cinemas, meanwhile, have an outsize role in wrangling documentaries and festival standouts that can’t get wide distribution. It opened in Indianapolis when it seemed impossible to get people interested in going out to see a movie, but developed a “very loyal fan base” by coupling arthouse titles with local programming. And the loss of revenue that venues can ill afford during peak moviegoing months can be debilitating for smaller theaters in their leaner months.
The broader context is challenging. According to Comscore data, the domestic box office has not returned to its pre-pandemic peaks, and even some of the biggest chains have seen attendance ebb and flow. The numbers: reports have indicated something in the neighborhood of a 10% decline in foot traffic over last year for major exhibitors, reflecting consumer price sensitivity and an acceleration of streaming windows. For indies that depend on eventized screenings and community word-of-mouth, sudden closures are particularly destructive.
The Ransomware Squeeze on Smaller Organizations
The FBI’s Internet Crime Complaint Center has reported record losses of more than $12 billion in a single year for cybercrime, and ransomware attacks are still disrupting critical services such as schools and local businesses.
Joint advisories from the FBI, CISA, and international partners have noted that criminal groups are rotating tactics — encrypting lockups and pure data theft — while playing on common weaknesses like unprotected remote access, unpatched software, or reused credentials.
For small and mid-sized operators, security experts generally advise basic safeguards that can blunt the harshest consequences:
- Offline, tested backups
- Separation of networks among the office, point-of-sale, and projection systems
- Multifactor authentication wherever possible
- 24/7 endpoint detection and response to capture suspicious activity before it spreads
Rare in the arts world, incident tabletop exercises can greatly improve response time when seconds are an issue.
What Patrons Should Do Now While Systems Are Restored
Patrons who have tickets should hold onto digital receipts and follow official theater communications for updates regarding refunds and other scheduled showings. As a precaution, customers should check their recent card statements for online or in-person transactions and consider setting up transaction alerts. Security experts warn against clicking on unsolicited messages about “expedited refunds,” a phishing favorite whenever breaches make headlines.
For Living Room Theaters, the primary issue is getting the core systems back up, verifying that projection servers and point-of-sale machines are clean, and redeploying its website under a more secure environment. The episode is a reminder of a broader truth for cultural institutions: even the smallest venues are now on the front lines of cybercrime — and resilience has become as necessary to many organizations as a working projector and a full house.
