U.S. Press Freedom Tracker

Apparent ransomware attack forces local Cox TV stations offline in 3 states

Incident Details

June 2, 2021

TV and radio stations owned by the Cox Media Group were forced offline by what was believed to be a ransomware attack starting on June 2, 2021, according to several media reports.

The attack affected ABC affiliates WFTV in Orlando, Florida, and WSOC in Charlotte, North Carolina, as well as NBC affiliate WPXI in Pittsburgh, according to an NBC report. NBC’s June 4 report said the stations had been able to produce some broadcasts for their local audiences.

The three stations are part of the Cox Media Group, which owns more than 100 news outlets in 20 media markets. Radio stations owned by Cox were also affected by the apparent attack, a report from Inside Radio said. It found most news radio stations were back on air on June 4, but not the music stations.

In ransomware attacks an outside individual or group of hackers takes control of a company’s IT and digital services, and then demands ransom money from the company to “release” them.

"We are only able to communicate with each other over personal phones and text messages," a WFTV employee told NBC.

"They wouldn't let us say anything on social media about why we weren't on the air," a WFTV employee told NBC. "We feel a need to let our viewers know."

In Pittsburgh, the IT network staff began shutting down company servers as a precaution on June 3, an employee told NBC. "Since then we've been locked out," leaving staff unable to access emails and internal programs used for their broadcasts, the employee told NBC.

The attack meant some systems were still down the following week, including access to some stations’ digital video libraries, according to media reports. Weather computers were also not working for at least two stations, said CNN sources.

Some reports said that journalists were told not to open emails on their phones, and that broadcast software was not working.

Inside Radio reported that two weeks after the attack, Cox music stations were still not back to full service.

It said: “More than a dozen CMG music stations found ... are still offline as the company enters a third week since the hack. Major music brands – like hip-hop/R&B “99 Jamz” WEDR Miami, AC “B98.5’ WSB-FM Atlanta, country “93Q” KKBQ Houston, CHR “The Big Ape” WAPE Jacksonville, soft AC “105.5 The Dove” WDUV Tampa and scores more – are playing this message when listeners attempt to access their stream: ‘This stream is currently unavailable and we are working diligently to bring it back online. Our radio stations continue to broadcast 24/7 and you can listen to us over the air. Thanks for your patience.’”

The Cox Media Group has not confirmed any information about the attack, and it did not respond to a request for a comment from the U.S. Press Freedom Tracker.

The U.S. Press Freedom Tracker catalogues press freedom violations in the United States. Email tips to [email protected].