Sinclair Broadcast Taken Down By Ransomware

TV Stations owned by the Sinclair Broadcast Group were taken down across the US due to a ransomware attack last weekend.

Sinclair Broadcast Group is a Fortune 500 media company (with annual revenues of $5.9 billion in 2020) and a leading local sports and news provider that owns multiple national networks.

Its operations include 185 television stations affiliated with Fox, ABC, CBS, NBC, and The CW (including 21 regional sports network brands), with approximately 620 channels in 87 markets across the US (amounting to almost 40% of all US households).

This is the second incident that impacted Sinclair’s TV stations in July 2021, when the company asked all Sinclair stations to change passwords “as quickly as possible” following a security breach.

It is believed the ransomware attack shut down Active Directory services for the domain, leading to wide disruption throughout the entire organization and affiliates by blocking access to domain resources across the network

Several corporate assets were taken down in the incident, including the email servers, broadcasting, and newsroom systems, forcing TV stations to create Gmail accounts to receive news tips from viewers and use PowerPoint for newscasts graphics.

The company released a statement saying, “On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted. Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review.

Promptly upon detection of the security event, senior management was notified, and the Company implemented its incident response plan, took measures to contain the incident, and launched an investigation. Legal counsel, a cybersecurity forensic firm, and other incident response professionals were engaged. The Company also notified law enforcement and other governmental agencies. The forensic investigation remains ongoing.

While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely.

As the Company is in the early stages of its investigation and assessment of the security event, the Company cannot determine at this time whether or not such event will have a material impact on its business, operations or financial results.”

While regional sports channels were largely not affected by the incident, there are reports that, in some US markets, local NFL games were replaced by national sports programming (such as bowling).

A sinclair spokesperson said of the ransomware attack, “Sinclair Broadcast Group recently identified a cybersecurity incident involving our network. As a result of the incident, certain devices were encrypted with ransomware, data was taken from our environment, and certain business operations have been disrupted. Senior management was notified, and we implemented our incident response and business continuity protocols, took measures to contain the incident, and launched an investigation. A cybersecurity firm that has assisted other companies in similar circumstances was engaged, and law enforcement and other governmental agencies were notified.

We are working diligently to address the incident and to restore operations quickly and securely. As we work to complete the investigation, we will look for opportunities to enhance our existing security measures. We appreciate your patience and understanding as we work through this incident.”