Ransomware Attempt at KVIE

Mission-critical systems – including membership – not affected

As President and General Manager of KVIE, I am writing this message because we were recently the victim of an attempted ransomware attack that affected some of our internal systems and brought our full team together in response.  As soon as we discovered this suspicious activity on October 31, we immediately began an investigation and took steps to contain and remediate the situation, including proactively taking systems offline, changing passwords, notifying law enforcement, and engaging cybersecurity experts and a leading data security and privacy firm.

At this time, we have no evidence that KVIE information has been misused.  By design, our mission-critical systems and information were segmented from our network, which was the target of the attack.  Accordingly, our website and broadcast, payroll, membership, and accounting systems were not affected.

Over the past few weeks, our team has been working diligently with these cybersecurity professionals and law enforcement to fully assess the situation, add further safeguards to our existing protections, and bring systems back online as quickly and safely as possible.  I am so proud of our team’s quick response and all their hard work.  Because of their dedication, we remained on air throughout, continuing to provide our community with the important programming it expects.

In consultation with law enforcement and cybersecurity experts, we are releasing this information now because of the significant progress in securing and restoring our systems.  We will continue to provide updates as new information becomes available and have answered some frequently asked questions below.  Thank you for your understanding as we work to complete our thorough investigation and system restoration.

– David Lowe, President and General Manager

November 23, 2022


Q&A

Was KVIE information affected?

Based on our investigation, we believe that at least some KVIE information was accessed on our network without authorization.  This did not include our email, payroll, membership, and accounting systems, which were segmented from our network.

Was member or donor information affected?

At this time, our investigation has shown no evidence that sensitive member or donor information has been affected. By design, our membership system is on a separate, secure system that was segmented from our network. Additionally, our membership system does not store credit card numbers in an accessible format. These security controls were implemented before this event to segment information and systems so that confidential member and donor information, such as credit cards, could not be accessed during an incident.

Did you pay any ransom?

No. The actors behind this attempt demanded that we pay to decrypt files from our network and to stop them from posting information about this attempt.  In consultation with law enforcement and data security professionals, we decided instead to roll up our sleeves and work to restore our data from backups.

Did you lose any data?

There was a short period of time in between a recoverable backup where newer files were not saved. Additionally, some of our local production files were affected and we continue to work on restoring the related files.

Are systems safe moving forward?

We have added extra layers of security on top of our existing protections and will continue to segment mission-critical systems apart from our internal network. Cybersecurity experts have been monitoring our data recovery efforts and will continue to do so.