Sinclair TV stations disrupted across the US after ransomware attack
Sinclair formally confirmed the ransomware attack a day after this initial report in SEC documents. Original reporting below.
TV broadcasts for Sinclair-owned channels have gone down today across the US in what the stations have described as technical issues, but which multiple sources told The Record to be a ransomware attack.
The incident occurred in the early hours of the day and took down the Sinclair internal corporate network, email servers, phone services, and the broadcasting systems of local TV stations.
As a result of the attack, many channels weren't able to broadcast morning shows, news segments, and scheduled NFL games, according to a barrage of tweets coming from viewers and the TV channels themselves.
"Internally, it's bad," a source who had to call Sinclair employees on their personal numbers to get more details about the attack, told The Record earlier today in a private conversation.
The attack could have been isolated, but many sections of the Sinclair IT network were interconnected through the same Active Directory domain, allowing the attackers to reach broadcasting systems for local TV stations.
However, the attack did not reach the part of the Sinclair broadcast system called "the master control," which allowed the company to replace the scheduled local programming on the affected channels with a national feed, allowing some channels to at least remain on the air.
The incident comes after Sinclair performed a company-wide password reset for IT resources shared by local stations in July after what it described as a "potentially serious network security issue."
At the time of writing, it is unclear how many Sinclair TV stations have been impacted. A Sinclair spokesperson could not be contacted via email or phone as these systems were down because of the attack.
The Sinclair Broadcast Group is one of the largest media empires in the US, controlling 294 television stations in 89 markets across the US. The Record found tens of Sinclair stations, from Washington to Maryland and from Illinois to Texas, which announced technical issues today.
Signs of the major outage that is still underway can also be seen via the Hulu Support Twitter account, which has spent most of the day responding to issues caused by the Sinclair incident.
Ransomware attacks that hit major TV and radio stations and took down live broadcasts also are not that rare and have happened before. Past incidents include:
- Cox Media Group (June 2021)
- France's M6 (October 2019)
- Entercom (September 2019)
- The Weather Channel (April 2019)
The attack is expected to hit Sinclair very hard as the local stations will be losing advertising revenue until they regain control over their broadcasting systems.
Article updated on October 18, 8am with link to SEC filing.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.