19 October 2021

Sinclair Broadcasting TV Stations Experience Massive Outages During Ransomware Attack

Another one... and they don't stop
CHILEAN BANK SHUTS DUE TO RANSOMWARE ATTACK - AYO.NEWS

Filed under:

Sinclair TV stations experienced a massive outage during ransomware attack

In this photo illustration a Sinclair Broadcast Group (SBG)...

8 comments

The attack shut down local TV stations across the US

 
Emma Roth/The Verge:
"Sinclair, the broadcast group that runs some of the most popular local channels across the US, experienced a nationwide outage during a ransomware attack on October 16th (via The Record). Viewers initially were informed technical difficulties caused the disruption, but the US Securities and Exchange Commission published a filing from Sinclair two days later, identifying ransomware as the source of the outage.
WIRED Brand Lab | The Cybersecurity System of the Future | WIRED
“Certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted,” the report reads. “Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review.”
. . .Sinclair’s report also notes the company still isn’t up and running at 100 percent. While it’s trying to resolve the issue, there may still be “disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers.”
Sinclair operates a massive number of local TV stations, causing the attack to prevent the company from broadcasting local news shows, sports games, and other scheduled content.
> According to The Record, the attack could’ve been much worse, as the bad actors weren’t able to compromise something called the “master control.” Having access to this tool let Sinclair replace some scheduled shows with a national feed — that way, not all of its channels were completely down.

Answers GIFs | Tenor

And as The Record notes, the ransomware attack was preceded by a call for a password reset across all of Sinclair following the discovery of a “potentially serious network security issue.” It’s unclear whether that security issue has anything to do with the attack that just transpired.

There still isn’t an official count of how many stations were shut down, as well as who exactly was responsible for the attack.

Ransomware attacks are becoming increasingly common; Colonial Pipeline, Gigabyte, and CNA Financial are just some of the high-profile companies targeted this year.

According to a report by the US Treasury, ransomware payouts in 2021 are on track to beat the combined payouts from the entire past decade."

 

REFERENCE: By Emma Roth Oct 19, 2021, 2:56pm EDT
____________________________________________________________________________
COMPANY STATEMENT/News Release Monday, 18 October at 07:30 a.m.
 
Sinclair Broadcast Group Provides Information On Cybersecurity Incident

BALTIMORE--()--Sinclair Broadcast Group, Inc. (Nasdaq: SBGI) today provided information on a recent cybersecurity incident.

On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident.

On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted.

Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review.

Promptly upon detection of the security event, senior management was notified, and the Company implemented its incident response plan, took measures to contain the incident, and launched an investigation. Legal counsel, a cybersecurity forensic firm, and other incident response professionals were engaged. The Company also notified law enforcement and other governmental agencies. The forensic investigation remains ongoing.

While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely.

As the Company is in the early stages of its investigation and assessment of the security event, the Company cannot determine at this time whether or not such event will have a material impact on its business, operations or financial results.

As the Company conducts its investigation, it will look for opportunities to enhance its existing security measures.

Cautionary Note Regarding Forward-Looking Statements

The matters discussed in this news release include forward-looking statements regarding, among other things, future events and actions. When used in this news release, the words “outlook,” “intends to,” “believes,” “anticipates,” “expects,” “achieves,” “estimates,” and similar expressions are intended to identify forward-looking statements. Such statements are subject to a number of risks and uncertainties. Actual results in the future could differ materially and adversely from those described in the forward-looking statements as a result of various important factors, including and in addition to the assumptions set forth therein, but not limited to: the ongoing assessment of the security event, material legal, financial and reputational risks resulting from a breach of our information systems, and operational disruptions due to the security event, and any risk factors set forth in the Company’s recent reports on Form 10-Q and/or Form 10-K, as filed with the SEC. There can be no assurances that the assumptions and other factors referred to in the information furnished herewith will occur. The Company undertakes no obligation to publicly release the results of any revisions to these forward-looking statements except as required by law.

About Sinclair Broadcast Group

Sinclair Broadcast Group, Inc. (Nasdaq: SBGI) is a diversified media company and a leading provider of local sports and news. The Company owns and/or operates 21 regional sports network brands; owns, operates and/or provides services to 185 television stations in 86 markets, owns multiple national networks including Tennis Channel and Stadium; and has TV stations affiliated with all the major broadcast networks. Sinclair’s content is delivered via multiple platforms, including over-the-air, multi-channel video program distributors, and digital and streaming platforms NewsOn and STIRR. The Company regularly uses its website as a key source of Company information which can be accessed at www.sbgi.net.

____________________________________________________________________________

Sinclair TV stations crippled by weekend ransomware attack

Sinclair TV network crippled by potential ransomware attack

Image: ThisisEngineering RAEng

Update October 18, 09:00 EST: Sinclair Broadcast Group has confirmed that it was hit by a ransomware attack over the weekend [press release, SEC filing]. Sinclair also said attackers have also stolen data from the company's network. . .

TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer a ransomware attack caused the downtime.

Sinclair Broadcast Group is a Fortune 500 media company (with annual revenues of $5.9 billion in 2020) and a leading local sports and news provider that owns multiple national networks.

Its operations include 185 television stations affiliated with Fox, ABC, CBS, NBC, and The CW (including 21 regional sports network brands), with approximately 620 channels in 87 markets across the US (amounting to almost 40% of all US households).

This is the second incident that impacted Sinclair's TV stations in July 2021, when the company asked all Sinclair stations to change passwords "as quickly as possible" following a security breach.

Ransomware attack likely behind TV stations going down

Sources have told BleepingComputer that a ransomware attack caused these significant technical issues. The attackers have been able to impact many TV stations via Sinclair's corporate Active Directory domain.

BleepingComputer was also told that they shut down Active Directory services for the domain, leading to wide disruption throughout the entire organization and affiliates by blocking access to domain resources across the network

Several corporate assets were taken down in the incident, including the email servers, broadcasting, and newsroom systems, forcing TV stations to create Gmail accounts to receive news tips from viewers and use PowerPoint for newscasts graphics.

While regional sports channels were largely not affected by the incident, there are reports that, in some US markets, local NFL games were replaced by national sports programming (such as bowling).

Because of the ongoing issues, some stations were also forced to switch to live Facebook streams instead of their regular newscasts, while others were forced to delay evening newscasts altogether [12].

Sinclair TV stations slowly recovering

Since reports of Sinclair TV stations going down began coming in, as first reported by The Record, some of them have managed to start broadcasting again. However, it's evident that the incident severely impacted them. . .

A Sinclair spokesperson told BleepingComputer they company was the target of a ransomware attack after the story was published:

Sinclair Broadcast Group recently identified a cybersecurity incident involving our network. As a result of the incident, certain devices were encrypted with ransomware, data was taken from our environment, and certain business operations have been disrupted. Senior management was notified, and we implemented our incident response and business continuity protocols, took measures to contain the incident, and launched an investigation. A cybersecurity firm that has assisted other companies in similar circumstances was engaged, and law enforcement and other governmental agencies were notified. . .We appreciate your patience and understanding as we work through this incident."

No comments:

PROJECTING POWER FOR 4 MONTHS >> DEPLOYMENT TO CONFLICT ZONES: French aircraft carrier Charles de Gaulle departs for strategic 4-month Indo-Pacific mission amid global tensions

The carrier remains a centerpiece of France’s naval strategy, but its limitations underscore the need for its replacement. A thorough and de...