Another Ransomware Attack Ravages A Radio Cluster


PORTLAND, ORE. — Travel two hours to the east of the ever-changing Woodlawn neighborhood in Northeast Portland, and you’ll find yourself in one of the most beautiful locales of the Pacific Northwest: the Columbia River Gorge.

Unfortunately, there’s an ugly situation going on in this picturesque corner of the U.S. And, it’s due to another ransomware attack at a group of radio stations.

Since the morning of Oct. 22, five station operating under Bicoastal Media‘s local “Gorge Radio” brand have been fighting a programming “disruption” caused by a ransomware attack that infected the stations’ computer systems.

This result in the computers locking up, and preventing access to software enabling each of the stations to continue with regular locally produced shows.

As a result, News/Talk KACI-AM 1300 and FM translator K280FJ at 103.9 MHz in The Dalles, Ore., is unable to broadcast “Mid-Columbia Today,” its 6am-9am morning show hosted by Mark Bailey and Jeff Skye.

A ransomware attack on Bicoastal Media’s Gorge Radio stations straddling the Washington-Oregon border has prevented “Mid-Columbia Mornings” from airing on KACI-AM in The Dalles, Ore., since Oct. 22.

Nationally syndicated programming is not impacted, allowing the airing of shows from Rush Limbaugh, Sean Hannity, Dave Ramsey, Jim Bohannon and KXL-FM in Portand, Ore.-based talk host Lars Larson.

For Gorge Radio’s four other stations, a wall of music and pre-recorded liners is on the air — with access to live mics and cut-ins blocked due to the ransomware attack.

Gorge Radio’s other stations are Classic Hits KACI-FM “KC 93.5;” Hood River-licensed Hot AC KCGB-FM and K245AF at 96.9 MHz in The Dalles; Country KIHR-AM 1340 and FM translator K252EN at 98.3 MHz in Rockford; and Class C3 Classic Rocker KMSW-FM 92.7 in The Dalles.

Listener access to KACI-FM via streaming audio hosted by Triton has been crippled, with no access as of Friday morning (10/25). The same was seen with KMSW’s audio stream, hosted by WideOrbit (shown below).

Bicoastal is taking the matter into its own hands by refusing to pay the ransom. In a message appearing across its station websites, the Gorge Radio website and on Facebook, the broadcast company said, “We have computer technicians working on the problem, but at this point we are unsure of when we will be back to normal. Our staff shares with you the frustration of not being able to bring the programming that you’ve grown to expect and enjoy every day in the manner we normally do.”

The company then acknowledged “all the calls and interest we have received in the last couple of days” — a sign that live and local radio remains vital to a region where The Dalles Chronicle prints twice each week, and all television stations are based in Portland. “It is wonderful to know that we have listeners who take such a great interest, and increases our determination to bring the best in entertainment and information throughout the Columbia River Gorge,” Bicoastal said.

While Bicoastal is not the lone local broadcast group serving Hood River and The Dalles, it is perhaps the biggest one. It competes against Gorge Country Media, which operates AC KRSX-FM “Star 95.9;” Country KYVT-FM 102.3 (Y102); and east-of-The Dalles Talk KLCK-AM 1400, which focuses on Klickitat County, on the north side of the Columbia River.

Then, there is “Classic Oldies” KODL-AM 1440, owned by radio veteran Al Wynn through Larson-Wynn. It uses a pair of FM translators and top-of-the-hour reports from

Aside from Gorge Radio stations, the radio dial is also home to All Classical Portland and NPR giant OPB unaffected by this ransomware attack.

As a result, a major source for local news and entertainment has been crippled — at least temporarily.

The disruption at Bicoastal Media follows incidents at Urban One, Townsquare Media and a cluster of stations owned and operated by Virginia-based Max Media that have been seen since the start of 2019.

But, perhaps the most noteworthy ransomware attack is one that involves one of the nation’s biggest broadcasters — unofficially.

Entercom Communications is still dealing with the fallout of its own computer troubles in what appeared to be an early September company-wide ransomware attack.

The virus was sourced to an infected computer in the programming department at an Entercom station, with e-mail and other types of internal services — including programming tools such as music logs and scheduling — disrupted across a wide swath of the company’s stations.

As reported by, a $500,000 ransom was presented to Entercom.

In response to RBR+TVBR‘s query seeking comment, an Entercom spokesperson said on Sept. 11, “We are experiencing a disruption of some IT systems, including email. We apologize for any inconvenience and are working around the clock to resolve this issue.”

In the case of Bicoastal, it is not known what the financial ransom is.

An early 2019 ransomware attack, along with added expenses tied to a late-night TVOne talk program hosted by D.L. Hughley, were black marks on an otherwise positive Q1 earnings report delivered by Urban One.

In early April, a ransomware attack crippled Townsquare Media‘s Shreveport, La., cluster, wreaking havoc on live broadcasts as automation triggers for spots and imaging could no longer be accessed.



Media C-Suiters Beware: You’re The Next Cybercrime Target

A ransomware attack impacted Urban One’s Q1 earnings. In early April, a ransomware attack crippled Townsquare Media’s Shreveport, La., cluster. Think that’s a problem? What would happen if your entire C-Suite computer network was held captive by a cybercrime syndicate?

How To Avoid A Ransomware Attack: Hire A Hacker

With Entercom Communications reeling from what has yet to be officially confirmed as a major ransomware attack, a “network penetration” tester shares how media companies can best avoid the level of problems faced by the radio broadcasting company in an exclusive interview with RBR+TVBR.
You do not have permission to view the comments.