Tuesday, October 19, 2021

Cyberattack On Sinclair Could Have Been Made Months Ago

Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network, reports The Associated Press.

The company said it started investigating Saturday and on Sunday it found that some of its office and operational networks were disrupted. The broadcast group did not immediately say how many TV stations were directly affected.

The Hunt Valley, Maryland-based company either owns or operates 21 regional sports network and owns, operates or provides services to 185 television stations in 86 markets.

In Toledo, Ohio, WNWO appeared to be off the air Monday afternoon. The station posted on Facebook that “our operations are currently limited. We will provide further updates as they become available.”

On WJLA, a Sinclair-owned ABC affiliate in Washington, anchors opened their 4 p.m. newscast by telling viewers the station was under cyberattack and its computers and video servers were down. Nashville, Tennessee’s WZTV put out a notice on its website Monday about “serious technical issues” at the TV station affecting its ability to stream content.

At WBFF in Baltimore, Sinclair's flagship station, Monday's newscasts aired without any of the usual graphics or accompaniments. Some of the usually live segments were clearly pretaped.

“We are also currently unable to access our email and your phone calls to the station,” it said.

Sinclair no longer owns any radio properties, however a cluster of Seattle radio stations the company closed on October 4, 2021 to Lotus Communications is still located at Sinclair’s offices in the KOMO Plaza building. Local reports indicate that Hot AC “Star 101.5” KPLZ-FM has had intermittent dead-air, songs skipping, and no imaging between songs. Online streaming is down for KPLZ-FM, KOMO and Conservative Talk 570 KVI.

Sinclair said it’s taken measures to contain the breach and that its investigation is ongoing. However, it said that the data breach has caused — and may continue to cause — disruption to parts of its business, including aspects of local advertisements by local broadcast stations. The company said it is working to restore operations.

Ransomware attacks, in which cyber criminals encrypt an organization’s data and then demand payment to unscramble it, are a growing scourge in the United States. The Biden administration has pledged to disrupt and prosecute criminal networks like the one that attacked a major U.S. pipeline company in May. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.

Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.

Crane Hassold, director of threat intelligence at Abnormal Security, said the hackers behind the ransomware attack on Sinclair could have gotten into the company’s system a while ago.

“With many ransomware attacks these days, the initial access that precipitated the attack generally occurs weeks, if not months, ahead of time,” he said.

Sinclair is the latest broadcast group to be hit with a ransomware attack. Dozens of local newscasts and other programming on its TV stations went off the air on Sunday after a number of servers and workstations were encrypted with ransomware, disrupting certain office and operational networks. The company also said data was taken from its network in the breach. Sinclair says it is working to determine what information the data contained and will it plans to take other actions as needed, based on its review.

No comments:

Post a Comment