Cyber Incident Victim: Marketron

On September 19-20, 2021, the BlackMatter ransomware gang breached Marketron, a provider of cloud-based revenue and traffic management software serving over 6,000 media industry clients handling $5 billion in annual advertising revenue. Marketron CEO Jim Howard notified customers via email on Sunday night, September 19, attributing the attack to a "Russian criminal organization" and apologizing for the disruption despite recent cybersecurity investments. These included implementing zero-trust access policies, segregating backup and disaster recovery systems across separate physical and network environments, and deploying new security detection tools. The company immediately engaged with the attackers and contacted the FBI while prioritizing system restoration efforts.

By Monday, September 20, Marketron publicly confirmed a "cyber event" had disrupted core business operations, forcing all services offline except Pitch, Email Marketing, and Mobile Messaging. Impacted platforms included Marketron Traffic, Visual Traffic Cloud, Exchange, and the Advertiser Portal. RadioTraffic and RepPak services remained operational initially but were proactively taken offline as a precaution. Third-party forensic investigators were brought in to determine the root cause, though Marketron VP of Marketing Bo Bandy stated the investigation remained ongoing with no confirmed breach methodology. The incident affected all customers, halting critical revenue management and audience engagement tools for broadcast and media organizations. BlackMatter, identified as a likely rebrand of the DarkSide ransomware operation responsible for the Colonial Pipeline attack, claimed responsibility amid a string of September 2021 breaches targeting global organizations across agriculture, finance, manufacturing, and technology sectors.