Cox Media Group Ransomware Attack Confirmed
The Attack Took Down the Live TV and Radio Broadcast Streams.
Cox Media Group (CMG), an American media conglomerate, has confirmed that it was hit by a ransomware attack in June 2021 that knocked its live TV and radio broadcast feeds offline.
In a data breach notification letter delivered via US Mail to over 800 impacted people, the company admitted the incident.
On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious threat actor. CMG discovered the incident on the same day, when CMG observed that certain files were encrypted and inaccessible.
CMG quickly took its systems offline as a precautionary measure and took additional steps to prevent further unauthorized access. CMG also began a thorough investigation with the support of leading outside cybersecurity experts and promptly reported the incident to the FBI, including the Newark and Dallas field offices.
CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident. There has been no observed malicious activity in CMG’s environment since June 3, 2021. Although there was no initial indication (including from the threat actor) that data may have been taken in the incident, and although none has been observed through continuous dark web monitoring by CMG, we recently determined that the threat actor tried to remove copies of certain HR files on a server, but the forensic evidence indicates that the attempt to do so may have been unsuccessful.
To date, CMG has no evidence confirming that personally identifiable information was actually removed from CMG’s systems or misused as a result of this incident. Nevertheless, CMG is notifying your office as well as individuals whose personal information was at risk of acquisition by the threat actor.
The types of personal information that were at risk of unauthorized acquisition included names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials, stored for the purpose of human
After the attack was discovered, Cox Media Group quickly shut down its systems and reported the incident to the FBI, which then launched an investigation with the aid of external cybersecurity specialists.
As explained by BleepingComputer, CMG discovered evidence that the intruders had taken personal information from the hacked systems. The intruders also attempted to exfiltrate this information outside of CMG’s network, although there is no proof that they succeeded.
Soon after discovering the evidence the threat actor tried to remove copies of certain HR files, CMG began proactively informing known potentially affected individuals of the incident via email on July 30, 2021, and offered complimentary credit monitoring services to those individuals. Now that CMG has completed its document review process, CMG is sending notification letters to all individuals whose data the threat actor attempted to acquire and to provide complimentary credit monitoring services to this entire, identified population of individuals.
Since the June ransomware attack, CMG has found no indication of identity theft, fraud, or financial losses affecting potentially impacted individuals.
Names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials stored for human resource management purposes were among the personal information exposed during the attack.
It is worth noting that the company appears to have refused to make any ransom payment.
CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident. There has been no observed malicious activity in CMG’s environment since June 3, 2021.
These steps include multi-factor authentication protocols, performing an enterprise-wide password reset, deploying additional endpoint detection software, reimaging all end-user devices, and rebuilding clean networks.