correction
A previous version of this article misstated the call letters of KHQA and the channel numbers of WLUK Fox 11. This article has been corrected.
Sinclair Broadcast Group was the target of a ransomware attack that disrupted operations this weekend at several television stations, the company said Monday in a regulatory filing.
The Hunt Valley, Md.-based company disclosed the breach in a Securities and Exchange Commission filing after the Record, an online publication owned by the cybersecurity firm Recorded Future, reported that a number of its television stations had been affected.
Sinclair is the latest in a growing list of businesses, schools, hospitals and other institutions to face ransom demands from hackers who use malware to encrypt data on their computer systems, rendering them unusable. As of Monday afternoon, it was unclear who was responsible for the hack.
Story continues below advertisement
The shadow industry of online extortionists, often led by Russian criminal groups, pulled in more than $400 million last year, according to Chainalysis, a firm that tracks cryptocurrency payments. The White House has made fighting ransomware a priority, and President Biden has urged President Vladimir Putin to rein in ransomware criminals operating out of Russia.
Hacks and data breaches are all too common. Here’s what to do if you’re affected.
Sinclair began investigating Saturday, the filing said, and by Sunday had discovered that several of its servers and workstations were encrypted with ransomware. It also said hackers took unspecified data.
The cyberattack “has caused — and may continue to cause — disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements,” the company said in the filing.
Story continues below advertisement
Leigh Anne Arnold, a Sinclair spokeswoman, said the company is “working diligently to address the incident and to restore operations quickly and securely.”
Doug Madory, director of Internet analysis at Kentik, said a number that Sinclair uses for routing online traffic went dark late Sunday night after a brief flurry of activity. Madory said it could have been an indicator of bad actors exfiltrating data or possibly a sign the company was attempting to remediate. Sinclair has retained a cybersecurity company with experience in ransomware remediation, according to the SEC filing.
Biden administration holds meeting on ransomware threat with more than 30 nations and E.U.
The company, which has 185 television stations in 86 markets, did not address questions regarding how widespread the service disruptions were, but at least a half-dozen of its stations used social media to inform audiences of the outages. They include KHQA (Channel 7) in Hannibal, Miss.; KOMO News in Seattle; WLUK Fox 11 in Wisconsin; CBS (Channel 6) in Albany, N.Y.; and KATU (Channel 2) in Portland, Ore.
Story continues below advertisement
“Technical issues have kicked us off the air this morning,” tweeted Phil Kelly, a host at a Columbus television station. “It’s a corporate wide problem that our engineers are working hard to fix. Hopefully see you soon?”
Some journalists continued to deliver broadcasts through Facebook Live and video clips on Twitter, sharing updates on local news, traffic and weather.
KATU News, which serves Portland and Southwest Washington state, was on the air Monday morning but still experiencing difficulties. “We are on the air, still dealing with significant technical issues… So our newscast looks a bit different today. But, we’re here! Bear with us as we work through the challenges,” said KATU News’s Hannah Olsen on Twitter.
The anatomy of a ransomware attack
Some Twitter users responded to the posts with confusion about why systems were down. Heather Kovar, an anchor and reporter in Albany for WRGB (CBS 6) addressed sports fans on Twitter, posting Sunday morning that “NFL Today is now airing on CBS 6. Thank you for your patience as we worked to correct our technical difficulties.”
Story continues below advertisement
Since the cyberattacks on the Colonial Pipeline in May and on meat supplier JBS weeks later, the U.S. government has stepped up efforts to combat them. Last week, the Biden administration concluded a two-day meeting on ransomware with more than 30 nations recognizing it for the first time as a global security threat and agreeing to work together to fight it.
The Recorder, citing a person in contact with Sinclair employees, reported that the hack disrupted several stations because many sections of their systems are connected through the same Active Directory domain, making it hard to isolate the breach. But the hackers did not appear to have reached a Sinclair system called “the master control,” allowing the broadcasting company to replace local feeds with a national one.
Sinclair shares closed Monday at $26.39, down more than 2.9 percent.