US TV Stations Hit

9051756286?profile=RESIZE_400xThe ransomware attacks inside the US don’t seem to be easing.  On 3 June 2021, at least two TV news stations were hit with ransomware and completely knocked offline with what researchers believe was a cyber-attack on their parent company – Cox Media Group. 

ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh, which are both owned by the Cox Media Group, were told last week by managers to shut down company computers and phones.[1]  "We are only able to communicate with each other over personal phones and text messages," said a WFTV employee.

Both stations were able to put together local broadcasts but were limited in their capabilities.  “An ‘IT incident’ that spans multiple organizations in a company is almost always a ransomware attack,” said Recorded Future.

In Orlando, managers asked employees not to come into the station on Thursday and again Friday, but said little about what was wrong with the company's computer networks.  "They wouldn't let us say anything on social media about why we weren't on the air," the employee said. "We feel a need to let our viewers know."

In Pittsburgh, the IT network staff began shutting down company servers as a precaution Thursday morning, an employee there said.  "Since then we've been locked out," leaving staff unable to access emails and internal programs used for their broadcasts, the employee said. "It's pretty crippling at the moment."

Hackers have steadily attacked American businesses, schools and hospitals with ransomware for several years.  But the problem only recently became an emergency for the federal government after an attack on the US's largest pipeline company, Colonial, shut down its fuel distribution for five days and caused some gas shortages.  And on Sunday, a ransomware gang hit the world's largest beef supplier, JBS, temporarily stopping work at its US plants.

Many of the most prolific ransomware gangs, including those responsible for the JBS and Colonial hacks, speak Russian and have at least some members based in Russia who appear to operate with impunity, leading US President Biden to say he's "looking closely" at retaliating.  The US announced it will begin to treat ransomware attacks as a national security threat rather than merely a criminal one, administration sources have said.  In a memo circulated to federal prosecutors the US Justice Department said it is elevating its ransomware investigations to the same level as terrorism ones, saying, “we must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups. We know that ransomware attacks and digital extortion schemes are often conducted by transnational criminal actors, spread without regard to geographic borders, and thrive on the abuse of online digital and financial infrastructure,” the memo said.   

We are living in perilous cyber times.  An ounce of prevention is ALWAYS worth a pound of cure.  Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives.  Internal monitoring is common practice and very important, however, external threats are often overlooked and can represent an early warning of impending attacks.  Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. 

Red Sky Alliance is in New Boston, NH   USA.     We   are   a   Cyber   Threat   Analysis   and   Intelligence Service organization.     For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or

Interested in a RedXray subscription to see what we can do for you?  Sign up here:   


E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!