Cyber Incident Victim: Entercom Communications
Date:
Dec 2019
Location:
United States of America
Summary
A major radio network experienced two cyber incidents within months, the first being a ransomware attack causing significant financial losses and a $500,000 decryption demand, followed by a more sophisticated attack disrupting back-office operations, connectivity, and digital content delivery. The second incident forced some stations to air pre-recorded programming due to music log import failures and disabled email, file access, and digital platform content temporarily, though systems were largely restored within a day—potentially reflecting improved security measures implemented after the initial breach. Both attacks impacted operations across its 235-station network serving over 170 million monthly listeners, with the first incident reportedly costing millions in lost revenue and prompting security investments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2019, Entercom experienced a ransomware attack that caused significant operational disruptions and financial losses across its network of over 235 radio stations serving 170 million monthly listeners. Attackers encrypted company files and demanded a $500,000 ransom payment for decryption, though Entercom never publicly confirmed whether it paid. The ransomware incident impacted revenue streams and forced temporary operational changes, prompting the company to invest in upgraded security systems during recovery. Three months later, on December 22, 2019, Entercom suffered a second cyberattack described by industry observers as more sophisticated than the September incident. This new breach occurred on a Sunday and primarily disrupted back-office functions, though some stations including KYW 1060 Philadelphia resorted to airing pre-recorded overnight programming segments due to content import failures.
The December attack caused connectivity issues that disabled corporate email systems, restricted access to internal files, and interrupted content delivery for digital platforms. While on-air broadcast systems remained largely operational, multiple markets could not import scheduled music logs and other programming materials. Entercom contained the damage more rapidly than during the September ransomware event, restoring most functionality by Monday morning—a recovery timeline potentially attributable to security improvements implemented after the prior attack. The company publicly confirmed both cyber incidents but withheld technical details about attack vectors or perpetrator identities. Financial disclosures indicated the September ransomware attack alone cost Entercom millions of dollars in direct losses and recovery expenses, though no specific monetary impact was reported for the December breach. Operational continuity measures prevented prolonged broadcast interruptions during both events, maintaining programming for the majority of Entercom's national audience despite back-end system outages.