Spanish radio station KISS FM has been listed by the Rhysida ransomware group as one of its latest victims. The attackers claim to have stolen internal company data and are demanding payment to prevent its release. The radio network, owned by Spanish media group Kiss Media, broadcasts nationwide and is one of the country’s most popular stations for pop and classic hits.
Rhysida announced the breach on its leak site and gave the station seven days to pay a ransom of about three bitcoins, worth roughly 300,000 US dollars. The group said that if the demand is not met, it will auction the stolen data to a single buyer or make it public. Screenshots shared by the criminals appear to show internal documents, including ratings reports, employee communications, and invoices related to government and private contracts.
The ransomware operators described the data as “exclusive and valuable” and invited potential buyers to place bids. Cybersecurity analysts who reviewed the leak notice said that while the authenticity of the files has not been confirmed, the material appears consistent with Rhysida’s previous data theft campaigns. The group has been active since 2023 and has targeted universities, hospitals, government institutions, and private companies across several countries.
KISS FM has not issued a detailed public statement about the incident. The company confirmed that it is aware of the claim and is working with cybersecurity specialists to investigate. It has not commented on whether a ransom payment will be considered. The Spanish National Police and the National Cybersecurity Institute are monitoring the case, which may fall under national data protection laws depending on the nature of the exposed information.
According to threat researchers, Rhysida typically gains access through phishing emails and compromised remote connections. Once inside a network, the group steals data before deploying encryption tools that disrupt internal systems. Its operations have focused on high-profile targets where public exposure of stolen information could cause significant financial or reputational harm.
Expanding ransomware threats to the media industry
The attack on KISS FM reflects a broader pattern of ransomware groups targeting media and entertainment companies. These organisations depend on continuous operations and public trust, making them attractive to attackers who rely on pressure tactics. Stolen documents that reveal advertising contracts, audience metrics, or regulatory correspondence can be used for extortion or sold to competitors.
Experts say that the broadcasting sector has become more vulnerable because of its dependence on cloud services and third-party technology providers. As production, advertising, and scheduling systems move online, cybercriminals have more entry points to exploit. Attackers increasingly aim to exfiltrate valuable information rather than simply encrypt systems, which allows them to profit even if operations are restored from backups.
Security professionals recommend that media companies conduct regular vulnerability assessments and limit access to sensitive files. Organisations should also maintain secure backups, train employees to recognise phishing attempts, and develop response plans for data leak threats.
The KISS FM case underscores the growing challenge for media networks facing complex digital infrastructures and public exposure risks. For Rhysida and similar groups, the strategy is clear: attack industries where disruption quickly becomes newsworthy and where the threat of embarrassment or regulatory scrutiny increases the chance of payment.