Entercom Communications, one of the largest radio station owners in the U.S. has been dealing with a cyber attack that looks very much like a ransomware incident. The issue occurred over the past weekend and affects all offices the company has across the country.

Entercom's national network has over 235 radio stations broadcasting news, sports, and music to more than 170 million people each month.

Silence about the incident

The company has not released an official statement about the current status of its network or the cyber incident that apparently disrupted telephone and email communication, music scheduling, production, billing, and other internal digital systems, according to online reports.

Attempts from All Access publication to contact the radio station group via email this week were unsuccessful as the messages shot back an automated message informing that "technical issues" affected the email system.

Chicago media blogger Robert Feder also reached out to Entercom for a statement confirming or denying ransomware attack. The answer from the company was that they were "experiencing a disruption of some IT systems, including email."

Ransomware may be at fault

However, Radio Ink obtained what looks like an Entercom internal memo distributed over the past weekend, which offers sufficient clues that point to a ransomware incident.

It informs that systems that had been connected to various servers (network sharing, printing, active directory) were impacted and urged employees not to connect computers to the company's wired network.

Entercom's silence about this cyber incident is explained at the bottom of the memo.

A further indication of a ransomware incident is a report from Radio Insight, which mentions an alleged $500,000 ransom demanded by the attackers.

The publication says that the malware reached the company's shared internal systems from a computer in the programming department. 

Playout systems were not affected, which explains why broadcasting was possible seemingly as if under normal circumstances (some stations could not run commercials, music logs done by hand, reusing past traffic logs).

Despite the network-wide disruption, Entercom apparently made the decision not to pay the attacker, choosing to recover systems on its own.

While it may be cheaper and easier to pay the ransom, the company's decision not to would be a good one because it could use the money to improve the security of its network and prevent future cyber attacks.

Related Articles:

Multinational tech firm ABB hit by Black Basta ransomware attack

BlackByte ransomware claims City of Augusta cyberattack

New Buhti ransomware gang uses leaked Windows, Linux encryptors

Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks

Iranian hackers use new Moneybird ransomware to attack Israeli orgs