Sinclair Broadcast Group Says Some of Its TV Stations Hit By Ransomware Attack

The Sinclair Broadcast Group said Monday that some of its servers and stations had been hit with a ransomware attack and data stolen from its network, the Associated Press reported.

The company, which operates dozens of televisions stations across the country, said that it began investigating the apparent ransomware encryption over the weekend and found that some of its office and operational networks had been impacted.

Sinclair did not immediately disclose how many TV stations were disrupted by the reported attack, but some stations announced through their websites or social media accounts that they were experiencing issues.

WNWO in Toledo, Ohio, appeared to be off the air Monday afternoon, and the station wrote on Facebook that "our operations are currently limited" and promised to "provide further updates as they become available."

Additionally, WZTV in Nashville, Tennessee, notified website users Monday of "serious technical issues" at the station that impacted its ability to stream content, AP reported.

"We are also currently unable to access our email and your phone calls to the station," the notice said.

For more reporting from the Associated Press, see below.

Sinclair Reports Ransomware Attack
Sinclair Broadcast Group said on October 18, 2021, that it suffered a data breach and is still working to determine what information the data contained. Above, Sinclair Broadcast Group's headquarters in Hunt Valley, Maryland. Steve Ruark/AP Photo

The Hunt Valley, Maryland-based company either owns or operates 21 regional sports network and owns, operates or provides services to 185 television stations in 86 markets.

Sinclair said it has taken measures to contain the breach and that its investigation is ongoing. However, it said that the data breach has caused—and may continue to cause—disruption to parts of its business, including aspects of local advertisements by local broadcast stations. The company said it is working to restore operations.

Sinclair said it can't determine whether or not the data breach will have a material impact on its business, operations or financial results.

Ransomware attacks, in which cyber criminals encrypt an organization's data and then demand payment to unscramble it, are a growing scourge in the United States. The Biden administration has pledged to disrupt and prosecute criminal networks like the one that attacked a major U.S. pipeline company in May. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.

Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.

Crane Hassold, director of threat intelligence at Abnormal Security, said the hackers behind the ransomware attack on Sinclair could have gotten into the company's system a while ago.

"With many ransomware attacks these days, the initial access that precipitated the attack generally occurs weeks, if not months, ahead of time," he said.

Several media outlets have been hit by ransomware attacks in recent years. Cox Media Group, a major media conglomerate, said recently it was the target of a ransomware attack earlier this year. And a ransomware attack briefly knocked the Weather Channel off air in 2019.

Sinclair shares declined about 3 percent in afternoon trading Monday.

Correction 10/19/2021, 4:45 p.m. ET: This article was updated to replace a photo of WGN-TV, which is not owned by Sinclair. It is owned by Nexstar Media Group.

Sinclair Sign
The Sinclair Broadcast Group, which operates dozens of televisions stations across the country, said that it began investigating an apparent ransomware encryption over the weekend and found that some of its office and operational networks had been impacted. Above, a sign for the Sinclair building in Hunt Valley, Maryland. William Thomas Cain/Getty Images