{
	"id": "48e7499d-7357-4af9-a869-6a9ca02c7e1e",
	"created_at": "2026-04-06T00:11:20.50835Z",
	"updated_at": "2026-04-10T13:12:44.80215Z",
	"deleted_at": null,
	"sha1_hash": "b8d77b3dd37b0135ba0592c23c455e82c5fe8d31",
	"title": "LockBit takes credit for November ransomware attack on Sacramento PBS station",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 184681,
	"plain_text": "LockBit takes credit for November ransomware attack on\r\nSacramento PBS station\r\nBy Jonathan Greig\r\nPublished: 2023-02-06 · Archived: 2026-04-05 14:35:41 UTC\r\nThe LockBit ransomware group this week said it was responsible for a November ransomware attack on a public\r\nbroadcasting affiliate in Sacramento, California.\r\nThe high-profile cybercrime gang made the claim on the dark web site where it leaks victims' data.\r\nThe PBS station KVIE announced the attack on November 23, noting that some of its internal systems were\r\naffected on October 31. It immediately took systems offline, notified law enforcement and hired experts to\r\ninvestigate the incident.\r\nLockBit breaches PBS member television station KVIE in Sacramento.\r\n/kvie.org#cybersecurity #infosec #LockBit pic.twitter.com/aMMVGEZgnq— Dominic Alvieri\r\n(@AlvieriD) January 30, 2023\r\nThe station’s mission-critical systems are segmented from the business network, meaning the website and\r\nbroadcast were not affected, and the group did not gain access to the station’s payroll, membership or accounting\r\nsystems. \r\n“Because of their dedication, we remained on air throughout, continuing to provide our community with the\r\nimportant programming it expects,” KVIE president and general manager David Lowe said in a statement at the\r\ntime. \r\n“There was a short period of time in between a recoverable backup where newer files were not saved.\r\nAdditionally, some of our local production files were affected and we continue to work on restoring the related\r\nfiles.”\r\nNo membership or donor information was involved in the breach and the organization does not keep credit card\r\nnumbers on file. \r\nLowe confirmed that a ransom was demanded by LockBit, which the station decided not to pay, instead restoring\r\nwhat it could from backups.\r\nOn Tuesday, Lowe told The Record that nothing has changed since his statement in November other than the fact\r\nthat LockBit is now threatening to leak the data stolen during the attack. \r\nThis is the second known ransomware attack on a PBS station after an Iowa affiliate was attacked in early\r\nNovember by the Royal ransomware group. That attack disrupted a fundraising drive but did not affect\r\nbroadcasting. \r\nhttps://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/\r\nPage 1 of 3\n\nA spokesperson for the national PBS organization acknowledged both attacks but did not respond to questions\r\nabout efforts to protect local stations from ransomware attacks. \r\nRansomware groups have made a point of going after news outlets in recent years, targeting The Guardian\r\nnewspaper, Nikkei Group, Portugal’s Impresa, France’s M6, Cox Media Group, CBS-owned Entercom, and The\r\nWeather Channel.\r\nLockBit has quickly become the most prolific ransomware gang operating, launching hundreds of attacks last year\r\non government agencies, companies and organizations around the world.\r\nThe group has caused particular outrage in recent weeks with attacks on a Canadian children’s hospital, one of the\r\nbiggest ports in Europe and a British postage and courier company.\r\nCybersecurity expert Dominic Alvieri said that alongside KVIE, Lockbit added 12 other new victims to its leak\r\nsite this week.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nhttps://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/\r\nPage 2 of 3\n\nNo previous article\r\nNo new articles\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/\r\nhttps://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware/"
	],
	"report_names": [
		"lockbit-takes-credit-kvie-pbs-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434280,
	"ts_updated_at": 1775826764,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b8d77b3dd37b0135ba0592c23c455e82c5fe8d31.pdf",
		"text": "https://archive.orkl.eu/b8d77b3dd37b0135ba0592c23c455e82c5fe8d31.txt",
		"img": "https://archive.orkl.eu/b8d77b3dd37b0135ba0592c23c455e82c5fe8d31.jpg"
	}
}