Updated at 9:15am Eastern
So far in 2019, Urban One, Townsquare Media and a cluster of stations owned and operated by Virginia-based Max Media each became victims of a ransomware attack.
In the case of Max Media, nearly all of the of the company’s stations in downstate Illinois suffered from the implementation of encryption software making most of its digital files useless. For Townsquare Media, the Shreveport, La., cluster, could not activate its automation triggers for spots and imaging. At Urban One, national radio spots and some Radio One audio streams were impacted by a cyberattack that crippled the company’s internal computing systems at various clusters, forcing staff to rebuild file systems over several weeks. Some $5,000 to $6,000 was spend on recovery efforts, with a negative impact of $1 million placed on Urban One.
Now, Entercom Communications is dealing with its own computer troubles in what appears to be a company-wide ransomware attack.
Correction: An earlier version of this story, distributed Sept. 10, incorrectly cited a source close to the matter who told RBR+TVBR that the crippling of Entercom’s computer network likely began with an infected music scheduling program. The virus was sourced to an infected computer in the programming department, and not a particular software program. We regret the error.
As of Tuesday morning (9/10), e-mail and other types of internal services — including programming tools such as music logs and scheduling — were still disrupted across a wide swath of Entercom stations.
One e-mail account attempting to contact an Entercom employee received an automated reply Tuesday morning noting, “We are currently experiencing technical issues with our e-mail. Please contact our local markets via phones, or visit our web site at www.entercom.com to find our contact information.”
According to AllAccess Music Group, “technical staff and outside experts” have been working with Entercom to restore communications and services with traffic and sales. By mid-afternoon e-mail and phone communication with the company’s corporate offices was working normally.
A source close to the matter tells RBR+TVBR that the crippling of Entercom’s computer network likely began with an infected computer used by a company’s programming department staffer. The virus then spread through networked computers, moving to multiple departments.
The breach did not originate with and was not caused by music scheduling software, RBR+TVBR confirmed early Wednesday (9/11).
As reported by RadioInsight.com, a $500,000 ransom was presented to Entercom.
In response to RBR+TVBR‘s query seeking comment, an Entercom spokesperson said, “We are experiencing a disruption of some IT systems, including email. We apologize for any inconvenience and are working around the clock to resolve this issue.”
Meanwhile, sources tell RBR+TVBR a Monday meeting at Entercom’s Chicago stations included a discussion on such an attack, and that employees were instructed to keep the matter completely quiet.
That didn’t stop the company’s all-News station in Chicago, WBBM-AM & FM, from running a report at 8:55am Central noting that all Entercom stations were suffering from an internal digital systems virus. The report did not mention the phrase “ransomware attack.”
The order to keep quiet was also met with derision from one concerned Entercom insider who spoke with RBR+TVBR confidentially. “Advertisers should know there are possibilities their accounts have been hacked,” the person said.
At another Entercom station, a programming executive who requested anonymity told RBR+TVBR that making any adjustments to the music log would be “very difficult, due to the serious issues we are having with all platforms.”
The Entercom staffer added that across the local cluster, all were unsure of the issue. “We’re on the air but many things are not functional at this point,” the source said. “It is really unclear. I’ve been speaking with many people here and around the country and there is no definitive answer.”
Entercom shares were down 2 cents to $3.66 after an initial drop to $3.60 likely caused by the WBBM report and widespread rumors of a malware incident.