Ransomware, Threat Management

Sinclair Broadcast ransomware attack demonstrates how ‘business is suffering’

The headquarters of the Sinclair Broadcast Group is shown April 3, 2018 in Hunt Valley, Maryland. The company, the largest owner of local television stations in the United States, was hit by a ransomware attack over the weekend. (Photo by Win McNamee/Getty Images)

At a time when the Biden administration recently launched an effort to curb ransomware attacks, another major incident was reported as the Sinclair Broadcast Group on Monday disclosed that certain servers and workstations in its environment were hit with ransomware.

Cybersecurity experts emphasized the need for public and private sectors alike to recognize the impact these incidents have on the ability for businesses across the all industries to remain standing.

In a release, Sinclair confirmed that the attack disrupted some of its office and operational networks and also disrupted a portion of the provisioning of local advertising by its local broadcast stations. Sinclair also said data was stolen from the company’s network, although as of early today, the company was still working to determine what information the data contained.

Sinclair has become a very large conservative media operation over the past several years. The company owns, operates and/or provides services to 185 television stations in 86 markets, and has TV stations affiliated with all the major broadcast networks.

The ransomware event was identified this past Saturday and confirmed as an attack yesterday. Once the ransomware event was detected, senior management was notified and Sinclair deployed an incident response plan, took technical measures to contain the incident, and launched an investigation.

Legal counsel, a cybersecurity forensic firm, and other incident response professionals were brought on. The company also notified law enforcement and other governmental agencies. A full investigation is under way and Sinclair has been working to restore its operations as soon as possible.

Eddy Bobritsky, CEO at Minerva Labs, said while his group does not have information about this incident at the moment, the attack serves as another statement of the increased number of ransomware attacks companies suffer from. 

“As shown in this case, the company business is suffering from the encryption and thus business continuity is at risk, Bobritsky said. “This shows without any doubt the importance of prevention of ransomware and other cyberattacks, as dealing with an attack after it has started is much harder.” 

Bobritsky added that companies should keep in mind that even if a company winds up paying the ransom or succeeds in getting the encryption key in other way, company data is still at risk because once it reaches the wrong hands, security teams can never know what the attackers will do with it or where else it would reach. 

Doug Britton, CEO at Haystack Solutions, added that alarming number of U.S. and multinational corporations have inadequate security precautions and are suffering from headline-making cyberattacks. Britton said without the right personnel in place, even the most sophisticated cyber vendors and security technology won't be enough.

“Cyber professionals who understand the organization, the business model, and how data is handled within the company are critical,” Britton said. “Corporations need to continue to invest in cybersecurity professionals. Security is a job that is never finished. Having the right in-house team in place is the best defense against constant cyber threats. We have the technology to find this talent even in the tightest labor markets. We need to move quickly and make a sustained commitment to get these folks into the fight or we risk having significant breaches continue.”

Garret Grajek, CEO of YouAttest, said that the penetration of all our key systems, water, energy, transportation and media has become a grave concern for western countries. Grajek said having a major media outlet like Sinclair attack shows how vulnerable even those with security resources are to cyberattacks. 

Grajek pointed out that Sinclair revealed that they conducted an enterprisewide password reset – which implies they may feel it was a compromised credential that beget the attack. Enterprises need to go beyond just password resets and even two-factor authorization and start understanding the scope and capabilities of all the identities in their enterprises, Grajek said. 

“This mean practicing the principle of least privilege to insure that all accounts, especially when they are compromised, do not have access to resources they do not need access to because that unneeded access could inflict damage if the account falls under control of malicious party,” Grajek said. “User accounts are easily stolen and guessed by the hackers, who then conduct lateral movement across the enterprise and privilege escalation to obtain access to valued resources. Enterprises must be aware of the rights granted and triggered when privileges are modified.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.