Radio station WMNF victim of ransomware cyberattack

A soundboard at WMNF 88.5 FM. Times (2005)
A soundboard at WMNF 88.5 FM. Times (2005)
Published July 17, 2019

Tampa-based community radio station WMNF 88.5-FM is stepping up cybersecurity after its computer systems were hobbled by ransom-seeking hackers last month.

Interim general manager Cindy Reichard said the ordeal began June 18 when a programmer noticed a computer in one of the studios was acting strangely.

The station then received a digital message: Your files have been encrypted. Pay us, and you can have them back.

It's known as a ransomware attack, a common form of cyber crime where hackers install malicious code rendering a victim's data useless until they pay for a digital key to decrypt it.

The station did not pay the ransom, and instead reported the attack to the Florida Department of Law Enforcement.

"FDLE told us that a lot of times you pay and you still don't get your data back anyway," Reichard said.

The hack did not affect any sensitive data, such as donor information, payroll or any financial documents, Reichard said.

RELATED: Rob Lorei reinstated as news director at WMNF after appealing firing

The ransomware did infect a new AudioVault system where the station's audio archives were stored, along with pre-recorded promos played between songs and other audio files. The promos were being recreated on CD, and in the meantime hosts could resort to reading them live.

Archived episodes of the station's news and public affairs programming may be lost permanently.

The station has sent the affected server off to a local data recovery company to see what, if anything, can be salvaged.

The ransomware also took down the station's live HD broadcasts. Those signals have instead been broadcasting pre-recorded shows. Those with radios that display what song is playing may have noticed their screens stuck reading "Derek and the Dominos" when tuning in to WMNF since June.

Otherwise, listeners would not have heard anything unusual, though the attack has caused small difficulties behind the scenes. The lost files include all of the blank forms the station uses for various office purposes.

Reichard was unsure how much money the hackers demanded.

"It depends, because you have to tell them which files you want to get back," she said, but the station ultimately chose not to engage at all.

Reichard said investigators told her the ransomware could have originated in Russia.

"We don't really know for sure, other than it came through the AudioVault," she said. "It could have been sitting in a file for a long time and someone did something that triggered it. Or it could have come in with some music we downloaded."

RELATED: Ransomware attacks put Florida governments on alert

She estimated the situation will cost WMNF $5,000, and possibly more, between the data recovery work and the upgrades to security.

Want breaking news in your inbox?

Want breaking news in your inbox?

Subscribe to our free News Alerts newsletter

You’ll receive real-time updates on major issues and events in Tampa Bay and beyond as they happen.

You’re all signed up!

Want more of our free, weekly newsletters in your inbox? Let’s get started.

Explore all your options

Ransomware in recent years has affected individuals, businesses and municipalities. Major cities such as Baltimore and Atlanta fell victim in 2018. In Florida, Riviera Beach and Lake City were so crippled by recent attacks they paid more than $1 million in combined ransom.

Public radio stations have been targeted. In 2017, San Francisco NPR station KQED was hobbled for months by an attack that forced one of the nation's largest public media companies to shut down its entire computer network to prevent the ransomware from spreading.

An FBI guidance document says the U.S. government "does not encourage paying a ransom to criminal actors," because it could "inadvertently encourage this criminal business model."

Contact Christopher Spata at or follow @SpataTimes.