Royal ransomware group claims it attacked Iowa PBS station

A ransomware group linked to a number of recent hacks said on Thursday that it was behind a cyberattack on the Iowa branch of the Public Broadcasting Service.

Susan Ramsey, director of communications for Iowa PBS, told The Record that in the early hours of November 20, Iowa PBS “became aware of suspicious activity” on its network systems. “We swiftly brought in systems experts to help us identify the issue,” Ramsey said.

“Iowa PBS’s ability to serve Iowans has not been affected. The broadcast, livestreams and digital platforms are still operational and Iowa PBS will continue to educate, inform, enrich and inspire Iowans."

Ramsey declined to provide more information about the incident, citing laws in Iowa that make cybersecurity information confidential.

Another representative said breach notification letters had been sent out but would not say how many people may have been affected and what kind of information was accessed during the cyberattack. 

Two days after Iowa PBS became aware of the incident, several local news outlets reported it cut short its annual fall fundraising pledge drive due to a cyberattack.

The organization said that while the cancellation meant there would be a “considerable” loss of donor revenue, they were “more concerned about maintaining the public's trust and our relationship with our viewers."

On Thursday, the Royal ransomware group took credit for the attack but did not say what files they stole. 

The ransomware – which emerged in September and claimed a number of victims including one of the most popular motor racing circuits in the United Kingdom – is being distributed by multiple threat actors, according to Microsoft.

It was used in an attack on one of the most popular motor racing circuits in the United Kingdom and The U.S. Department of Health and Human Services (HHS) warned hospitals and organizations in the healthcare sector to stay on alert for attacks, noting that actors using the ransomware typically demand ransoms between $250,000 and $2 million.

Iowa PBS is the latest news outlet to be attacked by ransomware groups in 2022. Just last week, The U.K.’s Guardian newspaper told staff not to come into the office due to a suspected ransomware attack.

Nikkei Group — one of the world’s largest financial news outlets — announced a ransomware attack in May and in January, the Lapsus$ extortion gang attacked Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively.

In previous years, ransomware groups have launched attacks against Cox Media Group, CBS-owned Entercom, France’s M6 and The Weather Channel.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.