Chicago-based classical music radio station WFMT has reportedly become the latest victim of a cyberattack carried out by the ransomware group Play. The attackers claim to have stolen a substantial amount of sensitive business and personal information and have posted the station’s name on their dark web leak site.
As part of their extortion efforts, the cybercriminals allegedly released a sample of the stolen data, amounting to 5.5 GB. According to an investigation, the leaked files appear to contain:
- Payroll records
- Medical insurance information
- Company budget documents
- Government grant details
- Internal contracts and business reports
This data could be exploited for a variety of malicious purposes. In particular, medical insurance records are especially valuable to cybercriminals, as they are frequently sold on the dark web to individuals seeking to submit fraudulent claims for prescription medications or health services.
Founded in 1948, WFMT is one of the oldest classical music stations in the United States. It was also among the first to broadcast via satellite and cable networks across the country and internationally. WFMT remains the only U.S. radio station that is a member of the European Broadcasting Union (EBU).
Play Ransomware’s Growing Impact
The Play ransomware group has gained notoriety in recent years and was ranked among the top three most active ransomware operations in 2024. In 2023, the group was responsible for attacks on the Palo Alto County Sheriff's Office in Iowa and the Donald W. Wyatt Detention Facility in Rhode Island.
According to cybersecurity firm Adlumin, Play is believed to be one of the first ransomware gangs to adopt a technique called intermittent encryption. This method targets specific segments of a system instead of encrypting everything, allowing the attackers to move more quickly and reduce detection risks.
Since then, other ransomware groups such as ALPHV/BlackCat, DarkBit, and BianLian have also adopted this strategy to enhance the efficiency of their attacks.
The alleged breach of WFMT highlights the increasing risk facing media organizations, which may not always be prepared for the types of targeted attacks typically seen in healthcare, finance, or government sectors. WFMT has yet to publicly confirm the incident or provide further details.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
