The Sinclair-owned channel network was temporarily brought down across the US in a suspected ransomware attack. The company claimed technical issues are to blame. However, The Record’s sources said the disruption was caused by a ransomware attack. The network is not sure how many of its stations have been affected, but tens of them took Twitter to announce they were down.
Sinclair is one of the US’ biggest media empires, with 294 television stations in 89 markets. The suspected attack took place early in the day and affected the entire Sinclair internal corporate IT ecosystem, including all email servers, phone relays, and the whole local TV station's broadcasting network.
In consequence, a lot of channels were not able to broadcast their scheduled shows, including morning shows, news, live NFL matches, and others. According to sources, the situation "is bad," but the company is trying to fix it.
The main reason is that their IT network routed many network relays through the same Active Directory domain, and this could enable attackers to reach the broadcasting systems used for local TV. Despite that, the possible attack failed to reach Sinclair‘s “master control” broadcast system, allowing the network to replace the local programs with a national feed to keep some of them on air.
The vent has occurred in the trail of a company-wide IT password reset that happened in July. This was done to cover for what the company described as a “potentially serious network security issue.” The attack will most likely cost Sinclair’s local stations a fair bit of advertising revenue until scheduled programming is reinstated.
Lately, ransomware groups have started enticing disgruntled employees to deploy the payload from inside the targeted victims. However, we'll just have to wait and see what the Sinclair group announces after the internal investigation.