Cox Media Group hit by cyberattack last week, sources familiar tell CNN
Cox Media Group’s television and radio stations across the US were hit by a cyberattack last week, with some stations still untangling from the impact, according to two sources familiar with the situation.
The sources did not say if this was a ransomware attack or some other cyber intrusion, but systems used by the stations were impacted and station operations were disrupted.
The attack is being investigated by federal law enforcement, one of the sources said.
Cox Media Group is not affiliated with Cox Communications, owner of the cable system serving Santa Barbara.
Multiple systems are still down this week, including access to the digital video library, according to employees from two stations. Weather computers were also not working for at least two stations.
Some station employees tell CNN they have not yet recovered email and are working on workarounds. Stations have asked staff not to open email on their phones. One station on Wednesday was experiencing new issues, including phone lines and broadcast software failing, an employee said.
Cox Media Group and its parent company have not commented publicly about the attack nor has any official statement come from corporate to staff.
Cox has 33 television stations in 20 markets across the US. Cox and Apollo Global Management, which owns Cox, have not responded to CNN’s repeated requests for comment.
Nothing has been posted on ransomware extortion sites and there have been no claims of responsibility, said Allan Liska of Recorded Future. Liska said that if internal systems are affected, that likely indicates ransomware.
Last week, after complaints about a change in programming, Hulu said on Twitter that there was “an issue with the feed” from one of the Cox stations.
“Apologies for the trouble! There’s currently an issue with the feed from WSB that’s under investigation, and we hope to see this cleared up soon. We appreciate your patience in the meantime!,” the June 3 tweet read.
The attack comes as the US sees a sharp increase in cyber breaches and ransomware attacks that have targeted a wide swath of American life — including food, gas, water, hospitals and transport — and become a key issue for the Biden administration to confront during its early months.
The ongoing threat was put into sharp focus Sunday by Energy Secretary Jennifer Granholm, who warned in stark terms that the US power grid is especially vulnerable to attacks.
Responding to a question on “State of the Union” about whether the nation’s adversaries have the capability of shutting it down, Granholm said: “Yeah, they do,” adding, “There are thousands of attacks on all aspects of the energy sector and the private sector generally … It’s happening all the time.”
Among the recent ransomware attacks was one carried out by hackers against Colonial Pipeline, which prompted the shutdown of the key East Coast pipeline last month in a move that resulted in the criminal hackers receiving millions in cryptocurrency — though on Monday the Justice Department announced it had successfully recovered most of the ransom from the hackers.
Moscow has denied involvement in that attack, which the FBI has said was the work of a criminal group originating from Russia, named “DarkSide.”
The White House said last week that an attack on JBS USA, one of the world’s largest food companies, was the work of a “criminal organization likely based in Russia.” In the wake of the JBS attack, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that any organization can be affected by ransomware “in any sector of the economy.”
“As this and other recent incidents demonstrate, the threat of ransomware continues to be severe. Ransomware can affect any organization in any sector of the economy. All organizations should urgently review our available resources and implement best practices to protect their networks from these types of threats,” Eric Goldstein, the executive assistant director for cybersecurity at CISA, said in a statement.
This story has been updated with additional details Wednesday.