Cyber Incident Victim: Iowa Public Television
Date:
Nov 2022
Location:
United States of America
Summary
A ransomware attack targeted Iowa PBS, with the Royal group claiming responsibility after the organization detected suspicious network activity and engaged experts to investigate. While broadcast operations remained unaffected, the incident forced cancellation of a major fundraising drive, causing significant donor revenue loss as the organization prioritized maintaining public trust. The attackers did not disclose specific stolen data, but breach notifications were issued to potentially affected individuals. This incident aligns with a pattern of ransomware groups increasingly targeting media entities globally, leveraging malware like Royal which is known for high ransom demands and distribution through multiple threat actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 20, 2022, Iowa PBS detected suspicious activity on its network systems during the early morning hours. The organization immediately engaged systems experts to investigate the incident. Despite the cyberattack, Iowa PBS confirmed that its broadcast operations, livestreams, and digital platforms remained fully functional, ensuring no disruption to public services. Communications Director Susan Ramsey declined to disclose technical details about the breach, citing Iowa laws classifying cybersecurity information as confidential. Within two days of detection, Iowa PBS shortened its annual fall fundraising pledge driveāa decision the organization attributed directly to the cyber incident. While acknowledging a "considerable" loss of donor revenue from this cancellation, leadership emphasized greater concern about preserving public trust and viewer relationships. The station issued breach notification letters to affected parties but did not reveal the number of impacted individuals or the specific types of compromised data.
The Royal ransomware group publicly claimed responsibility for the attack on November 24, 2022, though it provided no evidence regarding stolen files. Microsoft had previously identified Royal as a ransomware variant emerging in September 2022, distributed by multiple threat actors and linked to attacks including one against a prominent UK motor racing circuit. The U.S. Department of Health and Human Services had warned healthcare entities about Royal attacks featuring ransom demands between $250,000 and $2 million. Iowa PBS became one of several media organizations targeted by ransomware groups in 2022, following attacks that month on The Guardian newspaper in the UK, the Nikkei Group financial news outlet in May, and Portugal's Impresa media conglomerate in January. Historical precedents included ransomware incidents affecting Cox Media Group, Entercom, France's M6, and The Weather Channel. Iowa PBS maintained its operational continuity throughout the incident while managing financial and reputational repercussions.