Four months later, Cox Media confirms ransomware attack

The Cox Media Group, one of the largest media conglomerates in the US, has formally acknowledged a ransomware attack that crippled and took down live feeds for several TV and radio stations earlier this year, in June.

In breach notification letters filed with US state attorneys’ offices this week, CMG acknowledged the incident for the first time after it previously warned employees not to confirm the intrusion or share details about the attack with the press. The acknowledgment also comes more than four months after the attack took place.

CMG said the incident only impacted “a small percentage of servers” that were encrypted by a ransomware group.

Although the intruders demanded a ransom to decrypt the affected servers, CMG said it responded by taking the servers offline.

“CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident,” it explained.

The company also said that a recent investigation found that the intruders tried and failed to copy HR-related files from one of the breached servers.

CMG said that even though the attackers didn’t manage to remove the files, it is now notifying all employees who had data stored in those files, after sending an initial set of notifications earlier this year, on July 30.

Personal data stored in the files included the likes of:

  • names
  • addresses
  • Social Security numbers
  • financial account numbers
  • health insurance information
  • health insurance policy numbers
  • medical condition information
  • medical diagnosis information
  • online user credentials

Since the June 3 attack, no ransomware gang has stepped forward to take credit for the Cox Media Group intrusion or to threaten to leak files from the company.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
