Sinclair T.V. Stations Knocked Offline After a Major Ransomware Attack
Table of Contents
- By Dawna M. Roberts
- Published: Oct 28, 2021
- Last Updated: Mar 18, 2022
Multiple news outlets reported today about a ransomware attack on Sinclair T.V. stations, knocking them offline. Viewers took to Twitter to complain about multiple T.V. channels offline.
What Happened to Sinclair?
On Saturday, Sinclair Broadcast Group suffered a major cyber attack, resulting in hundreds of T.V. stations going offline. Threatpost said, “The incident is disrupting its advertising operations, among other things, and spread to many of its owned T.V. affiliates over the weekend, knocking local broadcast feeds off the air.”
In a report filed with the Securities and Exchange Commission (SEC), the company stated that business operations were also disrupted, and the hackers exfiltrated data.
“On October 16, 2021, the company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the company identified that certain servers and workstations in its environment were encrypted with ransomware and that certain office and operational networks were disrupted.”
In a statement to the press, Sinclair mentioned that it is “actively managing” the aftermath of the attack and working on mitigating the situation. Thankfully, the T.V. station giant had an incident-response plan to work from.
The incident continues to disrupt broadcasting and advertising. The company stated that “The forensic investigation remains ongoing.”
Threatpost adds that “The incident occurred in the early hours of the day and took down the Sinclair internal corporate network, email servers, phone services, and the broadcasting systems of local T.V. stations.”
Sinclair received a barrage of angry tweets over the weekend due to disrupted airing for news channels, NFL games, and other scheduled programming.
An anonymous source within the company told reporters that “Internally, it’s bad.” Unfortunately, due to deep network connections, all of Sinclair’s systems were affected. Had they not been so interconnected, the attack may have been isolated.
Even though the situation was dire, hackers were not able to breach the “master control” system, which allowed the company to replace some programming and keep some channels on air.
Not the First Time?
According to inside sources, the company forced a password reset in July after experiencing a “potentially serious network security issue.” However, threat assessors say that was the writing on the wall. The company knew there was a danger of an intrusion or a partial breach that resulted in the ransomware attack on Monday.
So far, it is unclear how many T.V. stations are affected and if the company plans on paying the ransom. Additionally, no one has clearly outlined what type of data was stolen or who the victims are.
Threatpost consulted with Jon Clay V.P. of Threat Intelligence at Trend Micro, and he said via email, “Modern ransomware actors have learned to target an organization’s critical business systems as these need to be back online quickly, and one of the easiest ways is to pay the ransom to obtain the key to decrypt those systems. In this situation, targeting customers of the victim (local advertisers) by taking their revenue opportunities away could ensure the ransom is paid in order to get these systems back online quickly.”
Who is Sinclair?
According to The Record “The Sinclair Broadcast Group is one of the largest media empires in the U.S., controlling 294 television stations in 89 markets across the U.S. The Record found tens of Sinclair stations, from Washington to Maryland and from Illinois to Texas, which announced technical issues today.”
know what was happening. By Monday, the company had restored some of the outages.