American media conglomerate, Cox Media Group disclose ransomware attack.

On Friday 8^th of October 2021, Cox Media Group, an American media conglomerate disclosed that they experienced a ransomware attack that led to TV and radio broadcast streams to be taken down in June of 2021. The attack disclosed to the public via mail that was sent to over 800 individuals who have had their personal information exposed during the incident.

“On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious threat actor,” Cox Media Group stated.

Cox Media Group discovered the attack when they found they could access files that had been encrypted. This led to them immediately taking down their system and reporting the incident to FBI before they went onto investigating the incident. They discovered evidence that the threat actors had been harvesting person information that was stored on the compromised system but no evidence was found to proof that the data had been successful exfiltrate out of the Cox Media Group’s network.

No evidence of identity theft, fraud, or financial losses has been found since the incident in June. Personal information that was exposed during the attack includes names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials, that had stored for human resource management purposes.

No ransom paid

“CMG did not pay a ransom or provide any funds to the threat actor because of this incident. There has been no observed malicious activity in CMG’s environment since June 3, 2021,” CMG declared.

The company also stated they have taken several steps to improve its systems’ security since the incident to detect and block avoid further breach attempts which includes multi-factor authentication protocols, performing an enterprise-wide password reset, deploying additional endpoint detection software, reimaging all end user devices, and rebuilding clean networks.