Sinclair, the broadcast group that runs some of the most popular local channels across the US, experienced a nationwide outage during a ransomware attack on October 16th (via The Record). Viewers were initially told that technical difficulties caused the disruption, but the US Securities and Exchange Commission published a filing from Sinclair two days later, identifying ransomware as the source of the outage.
“Certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted,” the report reads. “Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review.”
A person close to the situation tells The Verge that as of yesterday, employees still had problems accessing email or signing into systems, but today, those things are restored.
The US Treasury identified over $590 million in suspected ransomware-related transactions between January and June.
Sinclair’s report also notes the company still isn’t up and running at 100 percent. While it’s trying to resolve the issue, there may still be “disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers.”
Sinclair operates a massive number of local TV stations, and the attack prevented the company from broadcasting local news shows, sports games, and other scheduled content. According to The Record, the attack could’ve been much worse, as the bad actors weren’t able to compromise something called the “master control.” Having access to this tool let Sinclair replace some scheduled shows with a national feed — that way, not all of its channels were completely down.
And as The Record notes, the ransomware attack was preceded by a call for a password reset across all of Sinclair following the discovery of a “potentially serious network security issue.” It’s unclear whether that security issue has anything to do with the attack that just transpired. There still isn’t an official count of how many stations were shut down, and it still isn’t known who exactly was responsible for the attack.
Ransomware attacks are becoming increasingly common; Colonial Pipeline, Gigabyte, and CNA Financial are just some of the high-profile companies targeted this year. According to a report by the US Treasury, ransomware payouts in 2021 are on track to beat the combined payouts from the entire past decade.