Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.
The company said it started investigating Saturday and on Sunday it found that some of its office and operational networks were disrupted. The broadcast group did not immediately say how many TV stations were directly affected.
The Hunt Valley, Maryland-based company either owns or operates 21 regional sports network and owns, operates or provides services to 185 television stations in 86 markets.
In Toledo, Ohio, WNWO appeared to be off the air Monday afternoon. The station posted on Facebook that "our operations are currently limited. We will provide further updates as they become available."
On WJLA, a Sinclair-owned ABC affiliate in Washington, anchors opened their 4 p.m. newscast by telling viewers the station was under cyberattack and its computers and video servers were down. Nashville, Tennessee's WZTV put out a notice on its website Monday about "serious technical issues" at the TV station affecting its ability to stream content.
"We are also currently unable to access our email and your phone calls to the station," it said.
Sinclair said it's taken measures to contain the breach and that its investigation is ongoing. However, it said that the data breach has caused — and may continue to cause — disruption to parts of its business, including aspects of local advertisements by local broadcast stations. The company said it is working to restore operations.
Sinclair said it can't determine whether or not the data breach will have a material impact on its business, operations or financial results.
Ransomware attacks, in which cyber criminals encrypt an organization's data and then demand payment to unscramble it, are a growing scourge in the United States. The Biden administration has pledged to disrupt and prosecute criminal networks like the one that attacked a major U.S. pipeline company in May. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.
Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.
Crane Hassold, director of threat intelligence at Abnormal Security, said the hackers behind the ransomware attack on Sinclair could have gotten into the company's system a while ago.
"With many ransomware attacks these days, the initial access that precipitated the attack generally occurs weeks, if not months, ahead of time," he said.
Several media outlets have been hit by ransomware attacks in recent years. Cox Media Group, a major media conglomerate, said recently it was the target of a ransomware attack earlier this year. And a ransomware attack briefly knocked the Weather Channel off air in 2019.
Sinclair's shares fell 80 cents, or about 3%, to close Monday at $26.39.