Sinclair TV stations disrupted across the US after ransomware attack

Sinclair formally confirmed the ransomware attack a day after this initial report in SEC documents. Original reporting below.

TV broadcasts for Sinclair-owned channels have gone down today across the US in what the stations have described as technical issues, but which multiple sources told The Record to be a ransomware attack.

The incident occurred in the early hours of the day and took down the Sinclair internal corporate network, email servers, phone services, and the broadcasting systems of local TV stations.

As a result of the attack, many channels weren’t able to broadcast morning shows, news segments, and scheduled NFL games, according to a barrage of tweets coming from viewers and the TV channels themselves.

Image: The Record

“Internally, it’s bad,” a source who had to call Sinclair employees on their personal numbers to get more details about the attack, told The Record earlier today in a private conversation.

The attack could have been isolated, but many sections of the Sinclair IT network were interconnected through the same Active Directory domain, allowing the attackers to reach broadcasting systems for local TV stations.

However, the attack did not reach the part of the Sinclair broadcast system called “the master control,” which allowed the company to replace the scheduled local programming on the affected channels with a national feed, allowing some channels to at least remain on the air.

Image: The Record

The incident comes after Sinclair performed a company-wide password reset for IT resources shared by local stations in July after what it described as a “potentially serious network security issue.”

At the time of writing, it is unclear how many Sinclair TV stations have been impacted. A Sinclair spokesperson could not be contacted via email or phone as these systems were down because of the attack.

The Sinclair Broadcast Group is one of the largest media empires in the US, controlling 294 television stations in 89 markets across the US. The Record found tens of Sinclair stations, from Washington to Maryland and from Illinois to Texas, which announced technical issues today.

Signs of the major outage that is still underway can also be seen via the Hulu Support Twitter account, which has spent most of the day responding to issues caused by the Sinclair incident.

Ransomware attacks that hit major TV and radio stations and took down live broadcasts also are not that rare and have happened before. Past incidents include:

The attack is expected to hit Sinclair very hard as the local stations will be losing advertising revenue until they regain control over their broadcasting systems.

Article updated on October 18, 8am with link to SEC filing.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

A top Ukrainian security official on defending the nation against cyber attacks

In the wake of an escalating crisis between Ukraine and Russia, Serhii Demediuk agreed to…

7 hours ago

Ukraine investigates multiple intrusion vectors in last week’s website defacements, data wiper attacks

The Ukrainian government said on Monday that it is investigating multiple intrusion vectors that could…

10 hours ago

Europol takes down VPNLab, a service used by ransomware gangs

An international law enforcement operation has seized the servers of, a virtual private network…

19 hours ago

Report: Going to the Beijing Olympics? Leave anything with an electron home

According to a new report, visitors to China during the Olympics who use local VPN…

1 day ago

Earth Lusca threat actor targets governments and cryptocurrency companies alike

Cybersecurity researchers said they discovered a Chinese cyber-espionage group that, besides spying on strategic targets,…

2 days ago

Women human rights defenders speak out after Pegasus spyware attacks

A new report shows spyware sold to governments was used to target women human rights…

2 days ago