First it was gas. Then it was meat. Now it’s local television stations.
At least two TV news stations have been completely offline since Thursday in what cybersecurity experts say appears to be a ransomware attack on their parent company.
ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh, which are both owned by the Cox Media Group, were told Thursday by managers to shut down company computers and phones.
"We are only able to communicate with each other over personal phones and text messages," said a WFTV employee who wasn't authorized to speak for the company and requested not to be named.
So far both stations were able to still put together local broadcasts, but have been limited in what they can do. Cox didn't reply to requests for comment. But the event appeared to be the latest U.S. incident of ransomware, where hackers will infect a network and hold its files hostage while demanding payment, said Allan Liska, an analyst at the cybersecurity company Recorded Future.
“An ‘IT incident’ that spans multiple organizations in a company is almost always a ransomware attack,” Liska said.
Brett Callow, a threat analyst at the cybersecurity company Emsisoft, agreed.
“The most likely cause by far of any incident that involves unplanned and widespread IT disruption is ransomware or the detection of malware that can be used to deploy ransomware,” Callow said. “Basically, the other things which could potentially cause such a shutdown are far less likely.”
In Orlando, managers asked employees not to come into the station on Thursday and again Friday, but said little about what was wrong with the company's computer networks.
"They wouldn't let us say anything on social media about why we weren't on the air," the employee said. "We feel a need to let our viewers know."