Another Radio Group Suffers A Ransomware Attack


A six-station cluster of AM and FM radio stations in downstate Illinois has become the latest broadcast media victim to fall prey to a ransomware attack, rending nearly all of the of the stations’ files useless.

The GM for the stations took to the airwaves Friday morning to share the news. It gave Max Media something in common — for a bad reason — with Urban One and Townsquare Media.

It was Steve Falat, GM of Max Media’s Marion-Carbondale, Ill., radio stations, who revealed that the computer files used by his AMs and FMs had been hacked.

Confirmation to Falat came via an email received early Thursday, the Southern Illinoisian newspaper reported.

“All of your files have been encrypted due to a security problem with your PC,” it read.

For some, this would be ignored as just another spam e-mail.

Unfortunately, it was very real, and the group who sent it explained that all they needed to do was acquire de-encryption software — for a price. The fee depended on how fast Max Media acted and was, for all intents and purposes, a ransom.

Payment was desired by the hackers in Bitcoin.

According to Falat, the encryption was found in the stations’ audio file system.

Interestingly, a hack of Max Media’s Marion-Carbondale stations, comprised of WCIL-AM & FM, WUEZ-FM, WXLT-FM, WJPF-AM & WOOZ-FM, had just been discussed as oart of a company-wide preventative measure plan, which has started in earnest.

Luckily, control of the radio stations remained in control of Max Media’s local leadership.

In an exclusive conversation with RBR+TVBR, Falat said, “We have replaced everything from the ground up,” opting not to pay any ransom for file access. The group’s supplier, WideOrbit, shipped all new materials to Marion-Carbondale for immediate use.

Meanwhile, the chief engineer for Max Media’s stations in the market notes that, in March, a hard drive was replaced. This, he believes, should be recoverable — saving much of the music files.

Lost for good are files for other departments at the stations.

Townsquare Media and Urban One had far worse situations.

In early April, a ransomware attack crippled Townsquare Media‘s Shreveport, La., cluster, wreaking havoc on live broadcasts as automation triggers for spots and imaging could no longer be accessed.

Meanwhile, Urban One CFO Peter Thompson revealed during his company’s first quarter 2019 earnings call that national radio spots and some Radio One audio streams were impacted by a cyberattack that occurred in late February. This crippled the company’s internal computing systems at various clusters, forcing staff to rebuild file systems over several weeks.

Thompson says some $5,000 to $6,000 was spend on recovery efforts, but that the attack put a $1 million impact on Q1, which will be mitigated in insurance claims presently in process.

What can a radio group do, whether preventative or in response?

“These attacks tend to be similar, but different, at the same time,” notes Ari Meltzer, partner with communications law practice Wiley Rein.

In most cases, the point of intrusion is a lack of attachment. As such, a radio group should ensure that their IT department head has put proper procedures in place across the organization to keep an intrusion from happening. This can be as simple as having the right software in place.

From a legal perspective, getting a stolen domain name, or control of a website back can be an easier task. For an internal systems virus, there is no legal option unless one knows for sure who is responsible.

In nearly all cases, this is an impossible task — unless a sleuth is hired to conduct an investigation. Says Meltzer, “The sophisticated attackers can disguise themselves to the point where it can become very difficult to identify them.”