KEY POINTS

  • Ransomware attack hit Sinclair Broadcast Group and steal some of the company’s data

  • The attack stole the company's data and encrypted some of its key operational servers

  • The U.S. administration treats ransomware attack as a national security threat

Several media groups confirmed that they have been hit by ransomware attacks that went as far as infecting their servers and disabling their station computer for days.

Sinclair Broadcast Group, the parent company of dozens of news stations across the U.S., confirmed that a ransomware attack hit the company. The company said the threat actors successfully stole some of the company’s data and encrypted key operational servers in an incident detected over the weekend, NBC News reported.

The report said that the company began an investigation immediately after identifying the potential security incident on Saturday. The incident was also reported to the senior management who then initiated the move to contain the matter.

On Sunday, Sinclair employees discovered that some of the company’s office and operational networks were disrupted because of ransomware encryption. Sinclair said it also brought the incident to the attention of the government and law enforcement agencies.

Sinclair said it is still in the process of identifying what information was stolen and will do the necessary actions based on the result of the investigation. Several incident response professionals such as legal counsel and cyber security forensic firms are also taking part in the investigation.

Hackers often launch their attacks at a time when their target companies do not have enough manpower. In this case, the threat actors executed their plan at the beginning of the weekend when Sinclair could be short-staffed.

The Sinclair Broadcast Group ransomware attack is not the first reported media group ransomware strike. Back in June, WFTV in Orlando, Florida, WSOC in Charlotte, North Carolina and WPXI, an NBC affiliate in Pittsburgh, went offline for days.

The three TV stations are owned by the COX Media Group that reportedly suffered from a ransomware attack. The attack paralyzed the company’s communication system by shutting down its computers and phones.

An employee who requested anonymity for disclosing company matters said, they were only able to communicate over personal phones and text messages during the attack.

Cybercriminals use ransomware as a platform for extortion. They remotely attack companies by stealing data, locking up the victim’s computer devices, and threatening to leak or sell data if the victim refused to pay the amount they demand.

Earlier in June, the Biden administration said it will no longer treat the ransomware attack as a criminal crime but a national security threat, NBC News reported.

The ransomware-hit US IT firm Kaseya said it had fully restored its servers after an attack that affected hundreds of businesses and organizations worldwide
The ransomware-hit US IT firm Kaseya said it had fully restored its servers after an attack that affected hundreds of businesses and organizations worldwide AFP / Fred TANNEAU