Second Sinclair cyberattack this year: downtime caused by ransomware

Technical issues with Sinclair stations caused by the company-wide ransomware attack

Sinclair confirms ransomware attackThe company reports the outage caused by the ransomware infection

Many Sinclair broadcast affiliates got affected by the cryptovirus infection spreading widely throughout the network.[1] The company admitted that technical issues occurring on Sunday were related to the ransomware infection.[2]

The Sinclair Broadcast Group television company went down, and all the stations across the United States were on shutdown. Operations include 185 television stations that are affiliated with Fox, ABC, CBS, NBC, and many more. At least 40% of all the households in the country experienced issues with the TV broadcast, including the NFL broadcasts.[3]

At first, once the channels had gone down, the problem was described as a technical issue, but various sources reported it to be a ransomware attack, in particular. Today, the officials from Sinclair Broadcast Group issued more information on the cybersecurity incident, confirming the ransomware and file encryption.[4]

The Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted.

Data from the network was apparently stolen

The announcement confirming the ransomware attack also states that the infection disrupted the environment, encrypted[5] files, and some of the files from the company's network were taken. It is not known nor confirmed what type of data got accessed and stolen. It is also not identified what ransomware gang is responsible for the outage too.

The investigation is still ongoing, but particular measures were taken to contain the incident. This is why the broadcasts got shut down. The attack was a major threat to the entire organization and affiliates. This disruption encouraged the company to clock access to domain resources across the whole network.

Email servers, broadcasting, newsroom systems were all shut down. These measures were needed, but TV stations got forced to create Gmail accounts to receive news tips from people and use other methods like PowerPoint to name newscast graphics. Some stations were also forced to go to Facebook live streams instead of regular TV news.

Previous cyber security incidents not speeding this recovery

The broadcast network slowly comes back on the air. TV stations managed to start their streams again, but the attack impacted stations majorly. Some stations still have issues with particular operations and display graphics. Programming, security, and other problems still occur for many of the affected channels and stations.

Unfortunately, this is not the first attack this year. Back in July, some of the computers owned by the company got affected by the cyber attack. The company informed people about the issue and asked stations to change passwords due to the breach.[6]

Right now, the issue with stolen data might grow out of proportion if the information contains sensitive data or valuable details that can become a reason for the secondary selling of the obtained data. Even the company's shares got down by 1,5% in premarket after these reports of ransomware attacks. The company also notes that there might be future statements about certain damage and results regarding the stolen data.

Company cannot determine at this time whether or not such event will have a material impact on its business, operations or financial results.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions