Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Sinclair Hit by Ransomware Attack, TV Stations Disrupted

Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.

Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.

The company said it started investigating Saturday and on Sunday it found that some of its office and operational networks were disrupted. The broadcast group did not immediately say how many TV stations were directly affected.

The Hunt Valley, Maryland-based company either owns or operates 21 regional sports network and owns, operates or provides services to 185 television stations in 86 markets.

In Toledo, Ohio, WNWO appeared to be off the air Monday afternoon. The station posted on Facebook that “our operations are currently limited. We will provide further updates as they become available.”

[ ReadBanks Notify U.S. Treasury of $590 Million in Ransomware Payments ]

On WJLA, a Sinclair-owned ABC affiliate in Washington, anchors opened their 4 p.m. newscast by telling viewers the station was under cyberattack and its computers and video servers were down. Nashville, Tennessee’s WZTV put out a notice on its website Monday about “serious technical issues” at the TV station affecting its ability to stream content.

“We are also currently unable to access our email and your phone calls to the station,” it said.

Sinclair said it’s taken measures to contain the breach and that its investigation is ongoing. However, it said that the data breach has caused — and may continue to cause — disruption to parts of its business, including aspects of local advertisements by local broadcast stations. The company said it is working to restore operations.

Advertisement. Scroll to continue reading.

Sinclair said it can’t determine whether or not the data breach will have a material impact on its business, operations or financial results.

Ransomware attacks, in which cyber criminals encrypt an organization’s data and then demand payment to unscramble it, are a growing scourge in the United States. The Biden administration has pledged to disrupt and prosecute criminal networks like the one that attacked a major U.S. pipeline company in May. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.

Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.

Crane Hassold, director of threat intelligence at Abnormal Security, said the hackers behind the ransomware attack on Sinclair could have gotten into the company’s system a while ago.

“With many ransomware attacks these days, the initial access that precipitated the attack generally occurs weeks, if not months, ahead of time,” he said.

Several media outlets have been hit by ransomware attacks in recent years. Cox Media Group, a major media conglomerate, said recently it was the target of a ransomware attack earlier this year. And a ransomware attack briefly knocked the Weather Channel off air in 2019.

Sinclair’s shares fell 80 cents, or about 3%, to close Monday at $26.39.

Related: White House Blacklists Russian Ransomware Payment ‘Enabler’

Related: Hit by a Ransomware Attack? Your Payment May be Deductible

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.