Some Radio, but mostly TV broadcasts for Sinclair-owned channels nationwide are being reported as technical issues, but which multiple sources told The Record to be a ransomware attack.
The incident occurred in the early hours of Sunday and took down the Sinclair internal corporate network, email servers, phone services, and the broadcasting systems of local TV stations.
As a result of the attack, many channels weren’t able to broadcast morning shows, news segments, and scheduled NFL games, according to a barrage of tweets coming from viewers and the TV channels themselves.
“Internally, it’s bad,” a source who had to call Sinclair employees on their personal numbers to get more details about the attack, told The Record in a private conversation.The attack could have been isolated, but many sections of the Sinclair IT network were interconnected through the same Active Directory domain, allowing the attackers to reach broadcasting systems for local TV stations.
However, the attack did not reach the part of the Sinclair broadcast system called “the master control,” which allowed the company to replace the scheduled local programming on the affected channels with a national feed, allowing some channels to at least remain on the air.
The incident comes after Sinclair performed a company-wide password reset for IT resources shared by local stations in July after what it described as a “potentially serious network security issue.”
It is unclear how many Sinclair TV stations have been impacted. A Sinclair spokesperson could not be contacted via email or phone as these systems were down because of the attack.
Sinclair no longer owns any radio properties, however cluster of Seattle radio stations the company closed on October 4, 2021 to Lotus Communications are still located at Sinclair’s offices in the KOMO Plaza building. Local reports indicate that Hot AC “Star 101.5” KPLZ-FM has had intermittent dead-air, songs skipping, and no imaging between songs. Online streaming is down for KPLZ-FM, KOMO and Conservative Talk 570 KVI.
In a press release today Sinclair provided information on the cybersecurity incident:"On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted. Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review.
"Promptly upon detection of the security event, senior management was notified, and the Company implemented its incident response plan, took measures to contain the incident, and launched an investigation. Legal counsel, a cybersecurity forensic firm, and other incident response professionals were engaged. The Company also notified law enforcement and other governmental agencies. The forensic investigation remains ongoing.
"While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely.
"As the Company is in the early stages of its investigation and assessment of the security event, the Company cannot determine at this time whether or not such event will have a material impact on its business, operations or financial results."The Sinclair Broadcast Group is one of the largest media empires in the US, controlling 294 television stations in 89 markets across the US. The Record found tens of Sinclair stations, from Washington to Maryland and from Illinois to Texas, which announced technical issues today.
Ransomware attacks that hit major TV and radio stations and took down live broadcasts also are not that rare and have happened before. Past incidents include:
- Cox Media Group (June 2021)
- France’s M6 (October 2019)
- Entercom, Now Audacy (September 2019)
- The Weather Channel (April 2019)
The attack is expected to hit Sinclair very hard as the local stations will be losing advertising revenue until they regain control over their broadcasting systems.
No comments:
Post a Comment