[TheRecord] Four months later, Cox Media confirms ransomware attack

The Cox Media Group, one of the largest media conglomerates in the US, has formally acknowledged a ransomware attack that crippled and took down live feeds for several TV and radio stations earlier this year, in June.

In breach notification letters filed with US state attorneys’ offices this week, CMG acknowledged the incident for the first time after it previously warned employees not to confirm the intrusion or share details about the attack with the press. The acknowledgment also comes more than four months after the attack took place.

CMG said the incident only impacted “a small percentage of servers” that were encrypted by a ransomware group.

Although the intruders demanded a ransom to decrypt the affected servers, CMG said it responded by taking the servers offline.

“CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident,” it explained.

The company also said that a recent investigation found that the intruders tried and failed to copy HR-related files from one of the breached servers.

CMG said that even though the attackers didn’t manage to remove the files, the company is now notifying all employees who had data stored in those files, after sending an initial set of notifications earlier this year, on July 30.

Personal data stored in the files included the likes of:

- names
- addresses
- Social Security numbers
- financial account numbers
- health insurance information
- health insurance policy numbers
- medical condition information
- medical diagnosis information
- online user credentials

Since the June 3 attack, no ransomware gang has stepped forward to take credit for the Cox Media Group intrusion or to threaten to leak files from the company.

The post Four months later, Cox Media confirms ransomware attack appeared first on The Record by Recorded Future.
