Ransomware Suspected as a Possible Reason for the Outage at Some Outlets
Cox Media Group’s TV and radio affiliates’ ability to livestream content was mostly offline Thursday evening, possibly due to an unspecified cyber incident, says the security firm Recorded Future.
“We spent the evening after the initial report looking for Cox-affiliated stations and testing their livestreams. Every single Cox station we could find, the livestream was broken,” says Allan Liska, a senior intelligence analyst at Recorded Future.
Liska did not identify an exact reason for the outage, but noted it has all the hallmarks of a ransomware attack.
“The attack has all the signs of a ransomware attack, but no one in Cox or [Apollo Global Management] leadership is talking. At this point, we can’t confirm it is a ransomware attack, but again, it sure feels like one from all the external indicators,” he says. Apollo own a majority stake in some Cox affiliates and stations.
NBC News is reporting that employees working at the Cox Media-owned ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh were told to shut down company-owned computers and phones.
An unnamed Cox employee tells The Record, which Recorded Future owns, that staffers at their affiliate were instructed to shut down and log out of all accounts to stop whatever was happening from spreading.
WFTV, WPXI and Cox Media Group have not responded to an Information Security Media Group request for additional information.
Cox operates more than 100 media outlets in 20 markets across the U.S.
The spate of attacks has spurred the federal government to take action, with Anne Neuberger, deputy assistant to the president and deputy national security adviser for cyber and emerging technology, sending an open letter to U.S. business leaders asking them to take ransomware seriously and prepare to defend their organizations.
“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy,” Neuberger wrote.