Skip to Content

Sinclair Broadcast Group hit by ransomware attack, upending local TV newscasts

<i>Rafael Henrique/SOPA Images/LightRocket/Getty Images</i><br/>Sinclair Broadcast Group
SOPA Images/LightRocket via Gett
Rafael Henrique/SOPA Images/LightRocket/Getty Images
Sinclair Broadcast Group

By Sean Lyngaas and Brian Stelter, CNN

Sinclair Broadcast Group, one of the largest TV station operators in the US, said Monday that a ransomware incident is disrupting some of its office and operational networks.

At an early afternoon town hall meeting held via Zoom, staffers were told that the ripple effects are widespread and the full ramifications are not yet known.

The intrusion “has caused — and may continue to cause — disruption to parts of the company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers,” the company told investors. Shares traded down nearly 3%.

The disturbance impeded the production of local newscasts throughout the day on Sunday and again on Monday, according to staffers at some TV stations.

“Still no email, phones, file video or graphics,” a reporter said Monday.

“They expect us to keep broadcasting as if we aren’t down,” a reporter at a different station said.

They requested anonymity because Sinclair executives have prohibited employees from speaking with outside media about the matter.

Some of the impacts of the ransomware attack are visible to viewers. At WBFF in Baltimore, Sinclair’s flagship station, Monday’s midday newscasts aired without any of the usual graphics or accompaniments. Some of the usually live segments were clearly pretaped.

The reporters who spoke with CNN said they have not been told of any timetable for getting back to normal.

Sinclair began investigating the incident on Saturday, and on Sunday identified “certain servers and workstations in its environment were encrypted with ransomware,” Monday’s corporate statement said.

The unidentified hackers also stole data from Sinclair’s network; the company said it was working to determine what information was taken. Sinclair said it had notified law enforcement and US government agencies, and that it was working to “restore operations quickly and securely.”

Sinclair CEO Chris Ripley repeated the statement at Monday afternoon’s town hall and fielded questions from staffers, but he had little concrete information to share, according to the reporters who spoke with CNN.

He did specify that employees will still receive their paychecks despite the disruption, one of the reporters said.

Sinclair is responsible for 185 television stations in 86 markets, according to its website. It also runs regional sports networks.

The company’s stations are still on the air, and are continuing to show national and syndicated programming like talk shows and sitcoms.

The problems are largely hindering local live programming, like the newscasts that typically air for multiple hours a day.

Some stations struggled to produce newscasts on Sunday without writing, editing or scheduling software.

Kristin Bien, a weekend anchor at Sinclair-owned WSBT 22, tweeted Sunday morning that the incident was a “corporate-wide problem.”

“All we are told right now is that we have technical difficulties,” one journalist at a Sinclair-owned station told CNN Sunday night. “We are still told to broadcast if we can, so we’re doing what we can with our live unit and weather graphics. We don’t have access to our company emails or anything that requires a company log in.”

Ransomware — malicious software that locks computer networks until victims pay a fee — has been a threat to US businesses for years. But it became a national security priority for the Biden administration after a series of ransomware incidents disrupted US critical infrastructure firms this year.

This isn’t the first time that a cybersecurity incident has hobbled a prominent TV broadcaster.

Australia’s 9 News network in March said a cyberattack disrupted its live broadcasts. And in the US, local stations owned by the Cox Media Group were hit in June.

The Record, a cybersecurity news outlet, was first to report on the ransomware incident at Sinclair.

™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

Article Topic Follows: CNN – Business/Consumer

Jump to comments ↓

Author Profile Photo

CNN Newsource


News Channel 3-12 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.

Skip to content