Cyber Incident Victim: Backyard Media
Date:
Oct 2023
Location:
United States of America
Summary
A cyberattack disrupted Backyard Media's Oregon radio stations, forcing them off-air and compromising music, commercial, imaging, and payroll systems. After refusing a Bitcoin ransom demand, the company replaced hardware and software, rebuilding programming libraries while temporarily delivering commercials live. Recovery efforts included upgrading systems, with management acknowledging client and listener patience during the process. The incident highlights vulnerabilities affecting broadcasters of various sizes.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 29, 2023, Backyard Media’s Bend, Oregon radio cluster suffered a cyberattack that forced all four stations off the air simultaneously. The attack compromised critical operational systems, including on-air automation computers responsible for broadcasting music, commercials, and imaging content. Attackers deployed ransomware that encrypted these systems, freezing access to music libraries, commercial archives, imaging assets, and internal payroll functions. The perpetrators demanded a substantial ransom payment in Bitcoin through multiple wire transfers, which Backyard Media’s management explicitly refused to pay. General Manager Andy Hilmes confirmed the refusal eliminated any possibility of restoring the encrypted systems, necessitating complete hardware replacement and software rebuilding. The immediate operational impact included an indefinite broadcast outage, disrupting programming for modern rock KRXF (92.9), CHR “Power 94” KXIX, classic rock “The X 100.7” KMGX, and country station KSJJ (102.9). Without access to pre-recorded commercials or music libraries, stations initially operated with minimal functionality, requiring live reads for advertisements. The attack’s scope extended beyond broadcast operations to internal administrative systems, complicating payroll processing and business operations.
Backyard Media began recovery by procuring new automation hardware delivered on December 5, 2023, initiating the reconstruction of music libraries, commercial databases, and imaging content from scratch. Hilmes emphasized the company’s commitment to replacing all compromised hardware and software while integrating upgraded systems to enhance security. The rebuild process required recreating thousands of audio assets, including advertisements and station imaging, prolonging the reliance on live commercial reads until production facilities could be restored. Hilmes publicly thanked listeners and advertisers for their patience during the extended recovery phase, acknowledging the disruption’s impact on both audience experience and client services. The incident highlighted vulnerabilities in small-market broadcasting infrastructure, with Hilmes advising peer organizations to secure specialized local IT support and verify insurance coverage for cyberattack-related exclusions. The attack aligned with a broader pattern of ransomware incidents affecting U.S. broadcasters, including major groups like Cox Media Group and Salem Media Group, though Backyard Media’s response focused on independent recovery without ransom negotiation. Operational restoration remained ongoing at the time of reporting, with no public timeline provided for full system normalization.