The attack is being investigated by federal law enforcement, one of the sources said.
Multiple systems are still down this week, including access to the digital video library, according to employees from two stations. Weather computers were also not working for at least two stations.
Some station employees tell CNN they have not yet recovered email and are working on workarounds. Stations have asked staff not to open email on their phones. One station on Wednesday was experiencing new issues, including phone lines and broadcast software failing, an employee said.
Cox Media Group and its parent company have not commented publicly about the attack nor has any official statement come from corporate to staff.
Cox has 33 television stations in 20 markets across the US. Cox and Apollo Global Management, which owns Cox, have not responded to CNN’s repeated requests for comment.
There has been nothing that’s been posted on ransomware extortion sites and no claims of responsibility, said Allan Liska of Recorded Future. Liska said if internal systems are affected that likely indicates ransomware.
Last week, after complaints about a change in programming, Hulu said on Twitter that there was “an issue with the feed” from one of the Cox stations.
“Apologies for the trouble! There’s currently an issue with the feed from WSB that’s under investigation, and we hope to see this cleared up soon. We appreciate your patience in the meantime!,” the June 3 tweet read.
The ongoing threat was put into sharp focus Sunday by Energy Secretary Jennifer Granholm, who warned in stark terms that the US power grid is especially vulnerable to attacks.
Responding to a question on “State of the Union” about whether the nation’s adversaries have the capability of shutting it down, Granholm said: “Yeah, they do,” adding, “There are thousands of attacks on all aspects of the energy sector and the private sector generally … It’s happening all the time.”
Moscow has denied involvement in that attack, which the FBI has said originated from a criminal group originating from Russia, named “DarkSide.”
The White House said last week that an attack on JBS USA, one of the world’s largest food companies, was the work of a “criminal organization likely based in Russia. In the wake of the JBS attack, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that any organization can be affected by ransomware “in any sector of the economy.”
“As this and other recent incidents demonstrate, the threat of ransomware continues to be severe. Ransomware can affect any organization in any sector of the economy. All organizations should urgently review our available resources and implement best practices to protect their networks from these types of threats,” Eric Goldstein, the executive assistant director for cybersecurity at CISA, said in a statement.
This story has been updated with additional details Wednesday.
CNN’s Alex Marquardt, Maegan Vazquez, Allie Malloy, Devan Cole, Stephen Collinson and Chandelis Duster contributed to this report.