Cox Media Group Mum On Ransomware Attack

At least two TV news stations were offline Thursday in what cybersecurity experts say appears to be a ransomware attack on their parent company.

NBC News reports ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh, which are both owned by the Cox Media Group, were told Thursday by managers to shut down company computers and phones.

CMG has not publicly acknowledged the cyber attack nor commented.  Station websites have since returned online.

"We are only able to communicate with each other over personal phones and text messages," said a WFTV employee who wasn't authorized to speak for the company and requested not to be named.

Both stations were able to still put together local broadcasts, but have been limited in what they can do. The event appeared to be the latest U.S. incident of ransomware, where hackers will infect a network and hold its files hostage while demanding payment, said Allan Liska, an analyst at the cybersecurity company Recorded Future.

“An ‘IT incident’ that spans multiple organizations in a company is almost always a ransomware attack,” Liska said.

Brett Callow, a threat analyst at the cybersecurity company Emsisoft, agreed.

“The most likely cause by far of any incident that involves unplanned and widespread IT disruption is ransomware or the detection of malware that can be used to deploy ransomware,” Callow said. “Basically, the other things which could potentially cause such a shutdown are far less likely.”

In Orlando, managers asked employees not to come into the station on Thursday and again Friday, but said little about what was wrong with the company's computer networks.

"They wouldn't let us say anything on social media about why we weren't on the air," the employee said. "We feel a need to let our viewers know."

In Pittsburgh, the IT network staff began shutting down company servers as a precaution Thursday morning, an employee there said.

"Since then we've been locked out," leaving staff unable to access emails and internal programs used for their broadcasts, the employee said. "It's pretty crippling at the moment."

Hackers have steadily attacked American businesses, schools and hospitals with ransomware for several years. But the problem only recently became an emergency for the federal government after an attack on the U.S.'s largest pipeline company, Colonial, shut down its fuel distribution for five days and caused some gas shortages.

Multiple country music radio stations owned by the Cox Media Group were affected by the ransomware attack that occurred on Thursday. According to Saving Country Radio, the radio stations were still able to broadcast, the live feeds on their websites and streaming networks were disabled, and some stations are unable to update programing or compose news or talk segments due to the cyber attack.

The country radio station affected in the attack include:

• WWKA 92.3 – Orlando, FL
• WNGC 106.1 – Athens, GA
• KWEN 95.5 – Tulsa, OK
• WHKO 99.1 – Dayton, OH
• KKBQ 92.9 – Houston/Galveston, TX
• KTHT 97.1 – Houston/Galveston, TX (Classic country)
• KKYX 680 AM – San Antonio, TX (Classic country)
• KCYY 100.3 – San Antonio, TX

Though some of Cox Media’s television stations had returned to normal programming by Thursday evening, many of the company’s radio station streams were still being affected, despite the physical websites remaining online.