Cyber Incident Victim: KHSU

Date: Jul 2019

Location: United States of America

Summary

A university radio station experienced a ransomware attack that disrupted its programming systems and storage servers, resulting in prolonged silent broadcasts. The incident's origin remained unclear, with potential causes including a broader phishing campaign, a targeted ransom attempt, or sabotage linked to prior organizational changes affecting station personnel. While compromised servers reportedly contained no sensitive data, no specific ransom demand was communicated to the institution following the malware infection.

Description

On or around July 10, 2019, Humboldt State University's radio station KHSU experienced a disruptive ransomware attack that forced it off the air, resulting in extended periods of dead air. The malware disabled most of the station's critical programming systems and storage servers, crippling its broadcasting capabilities. University officials confirmed the cyber attack but could not immediately determine whether it originated from a broad phishing campaign, a targeted extortion attempt, or deliberate sabotage. The timing raised questions about potential links to controversial staffing decisions made three months earlier in April 2019, when the university eliminated most KHSU staff positions and local programming – a move that had generated significant community dissatisfaction. No sensitive information was compromised in the attack, as the affected servers did not contain such data. Despite ransomware attacks typically involving financial demands, the university reported not receiving any specific payment request from the threat actors. The incident prompted an investigation to determine the attack vector and perpetrator motivations, though initial statements emphasized the lack of conclusive evidence regarding the intrusion method or purpose.

The university's response focused on assessing technical damage while maintaining transparency about the unresolved nature of the investigation. Officials issued a press release acknowledging the operational paralysis of KHSU's broadcast infrastructure but provided no timeline for restoring full functionality. The absence of both sensitive data exposure and ransom demands shifted attention toward potential non-financial motives, including the possibility of retaliatory action by parties opposed to the station's recent restructuring. While drawing no definitive conclusions, university representatives openly referenced the April 2019 staffing reductions as a contextual factor in their investigation, recognizing the community backlash those decisions had generated. The cyber attack's primary immediate impact remained the prolonged silencing of the station's broadcasts, with recovery efforts complicated by the breadth of affected systems controlling programming and storage operations.
