Cox Media Group Confirms Ransomware Attack That Interrupted Streams


US media conglomerate Cox Media Group (CMG) has confirmed that it was hit by a ransomware attack that interrupted live TV and radio broadcast streams in June 2021.

The company acknowledged the attack in data breach notification letters sent today via US Mail to more than 800 affected individuals who allegedly had their personal information exposed in the attack. The group first informed those potentially affected of the incident via email on July 30.

“On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious actor,” the broadcast company said.

“CMG discovered the incident the same day, when CMG found that some files were encrypted and inaccessible.”

Personal information exposed, but not stolen

Cox Media Group immediately took the systems offline after the attack was detected and reported the incident to the FBI after launching an investigation with the help of outside cybersecurity experts.

The media company found evidence that the attackers collected personal information stored on the breached systems. While they also attempted to exfiltrate this data outside of CMG’s network, there is no evidence that they were successful in their attempt.

Since the June ransomware attack, CMG has found no evidence of identity theft, fraud, or financial loss affecting potentially impacted individuals as a result of this incident.

Personal information exposed during the attack includes names, addresses, social security numbers, financial account numbers, health insurance information, health insurance policy numbers, health status information, medical diagnostic information and online user credentials stored for human resource management purposes.

Ransom demand ignored

“CMG did not pay ransom or provide funds to the threat actor as a result of this incident. No malicious activity has been observed in CMG’s environment since June 3, 2021,” CMG added.

The company has also taken several measures to improve the security of its systems since the incident in order to detect and block further attempted breaches.

“These steps include multi-factor authentication protocols, enterprise-wide password reset, deployment of additional endpoint discovery software, reimaging of all end-user devices, and rebuilding clean networks,” explained CMG.

CMG is a broadcast, publishing and digital media services company created by the merger of Cox Newspapers, Cox Radio and Cox Television in 2008.

Its operations include 33 television stations (including major subsidiaries of ABC, CBS, FOX, NBC and MyNetworkTV), 65 radio stations, as well as over 100 media outlets.

Cox Media Group has yet to respond to a request for comment made by BleepingComputer in June, right after the attack.
