Sinclair Broadcast Group, a company that owns or operates 185 TV stations in 86 markets, was victimized by a ransomware attack over the weekend. The company, which also operates several regional sports networks, said it has identified that some of its servers and workstations were encrypted with ransomware that, in turn, disrupted a portion of Sinclair's office and operational networks.
Sinclair did not explain the nature of the attack in great detail, but ransomware attacks tend to be fueled by malware that encrypts files and renders them, and some of the systems underpinning them, unusable. The attackers then demand that a ransom be paid, usually in some form of cryptocurrency, in exchange for what's needed for decryption.
Sinclair said it's working to determine what information the data contained "and will take other actions as appropriate based on its review." The company did not say whether it intended to pay off the attackers, or whether the event will have a material impact on Sinclair's business, operations or financial results.
The company said it quickly implemented its "incident response plan" and took measures to contain the incident. Sinclair said it has also launched an investigation, engaged with legal counsel and a cybersecurity forensic firm, and alerted law enforcement and other government agencies as part of its response.
In the meantime, Sinclair said the ransomware attack could continue to cause more disruptions to parts of its business, but it is "working diligently to restore operations quickly and securely." Those disruptions include "aspects of its provision of local advertisements by its local broadcast stations," the company said.
"On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident," Sinclair said in a statement. "On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted. Data also was taken from the Company's network."
Another wake-up call for the industry
Lisa Plaggemier, interim executive director at the National Cybersecurity Alliance, an organization originally funded by the US Department of Homeland Security, said the situation at Sinclair should serve as a wake-up call for other broadcasters and programmers.
"If you're not already treating [a ransomware attack] as a when, not an if, then hopefully after this you're treating it like a when," she said.
Plaggemier said ransomware attacks are rising rapidly, particularly in the US, pointing to data showing that overall attacks had increased 150% through the first six months of 2021 alone compared to all of 2020.
As Light Reading reported in May, the ransomware threat to the industry is in its early days. Of recent note, Toshiba was hit by a ransomware attack by DarkSide, the hacking group that attacked Colonial Pipeline, which reportedly paid nearly $5 million to reopen its 5,500-mile pipeline. Cox Media Group, a unit of Cox that operates TV and radio stations, was a victim of a ransomware attack in June.
Plaggemier credited Sinclair with responding quickly to maintain trust with consumers and the industry, but stressed that such attacks are "complex" and that the research into the origins of how it happened will take time. It's possible Sinclair will never be able to uncover the source, she said.
Sinclair hasn't suggested how the ransomware attack occurred, but Plaggemier said the "vast majority" of such attacks start with a simple phishing email. Phishing schemes have gotten more sophisticated and tricky, she said, noting that phishing has evolved into "organized crime."
She also advises that other media companies invest in training employees to guard against such attacks. In addition, she thinks it's a good idea for companies to get their IT, security execs and overall leadership together and work with consulting firms to discuss and go through the exercise of a ransomware attack.
"It helps to get the whole team feeling prepared and it flushes out weaknesses you might have or gaps you might have to help you be better prepared," Plaggemier said. "And it helps you to force that conversation before you have a ransomware attack and whether or not you're going to pay the ransom."
Treat cybersecurity and ransomware attacks "like any other risk to your business," she added. "It's a risk that has to be managed ... The worst thing you can do is nothing."
And while Sinclair has yet to say whether it will pay a ransom to the wrongdoers, Plaggemier hopes the company can avoid it.
"I'm a huge proponent of not paying a ransom, or having a policy of not paying cyber criminals," she said. "It just fuels more cybercrime. As long as it works and as long as people are paying, they will keep doing it."
— Jeff Baumgartner, Senior Editor, Light Reading