Live streams go down across Cox radio & TV stations in apparent ransomware attack

Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, have gone down earlier today in what multiple sources have described as a ransomware attack.

The incident took place earlier this morning and impacted the internal networks and live streaming capabilities for Cox media properties, such as web streams and mobile apps. Official websites, telephone lines, and normal programming remained running but some live programming could not go on air as scheduled.

"This morning we were told to shut down everything and log out our emails to ensure nothing spread. According to my friends at affiliate stations, we shut things down in time to be safe and should be back up and running soon," a Cox employee shared in a private conversation earlier today.

Live streams for some of the impacted TV stations have returned online, according to checks performed by The Record, but most of the Cox radio streams are still offline at the time of writing.



In the aftermath of the incident, some radio and TV stations had to cancel live programming, according to tweets shared by some Cox program hosts earlier today.

Companies like Hulu, which pick up Cox streams, have also confirmed issues with the c live broadcasts earlier in the day.

Today's ransomware attack has also been the main talking point of several private online communities dedicated to TV and radio reporters, who noticed that some of their colleagues have not gone on air earlier today.


While The Record has not been able to compile an exact list of impacted Cox radio and TV stations, we have been able to confirm issues with streams from News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations.

The Cox Media Group owns 57 radio and TV stations across 20 US markets. A spokesperson did not return a request for comment sent earlier today via email.

Sources have told The Record that the company's autonomous system, AS397123, has also disappeared from the internet DFZ (default-free zone) in what appears to be the company's attempts to deal with the attack.

Today's incident marks the second time a ransomware group has hit a major media conglomerate in the US. In September 2019, a ransomware gang hit CBS-owned Entercom, the second-largest radio broadcasting network in the States, taking some radio stations offline.

Ransomware attacks have also temporarily took down some big TV channels like France's M6 and US-based The Weather Channel in isolated attacks in 2019.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.