Sinclair, one of the nation’s largest local news providers, was hit by one of the most visible ransomware attacks in the country since the ransomware attacks against fuel supplier Colonial Pipeline and meat processor JBS USA earlier this spring. 
Sinclair owns, operates or provides services to 185 television stations in 86 markets across the country and also owns or operates 21 sports network brands. The attack disrupted live broadcasts in numerous local markets and also knocked out a number of internal office functions. 
“The investigation of the incident remains ongoing,” Ripley told analysts during the conference call. “Needless to say, we are ensuring that operations are back to where they need to be as quickly as possible.”
Because television news is so dependent on automation, a ransomware attack like this one will cause significant impact on the operations of a company like Sinclair, and that is part of the reason why attackers choose a target like this, according to Gartner analysts. 
“This means that an attack that brings technology down in their operational environment will have widespread impact — and that’s what the attackers go for,” Katell Thielemann, research VP at Gartner said. “How can we hit business operations to compel the victims to pay?”
It was unlikely that all of the local stations had incident response plans and back up capabilities at the ready, Thielemann said. Employees at these locations had to improvise, revert to manual operations, and try as best as possible to keep the news broadcast on the air. 
Ripley warned that while the company maintains cybersecurity insurance to cover losses related to cybersecurity risk and business interruption, such policies may not be enough to cover the losses. He did not indicate anything about a ransom demand or payment during the call. 
The company engaged legal counsel, outside cybersecurity forensics specialists and other experts, according to Ripley. Law enforcement was contacted and government agencies were notified, however he did not specify which government agencies were brought in. The FBI confirmed last month that it was aware of the incident, through a spokesperson. 
“The FBI remains committed to using our unique capabilities and resources to assist our private sector partners to combat cyber threats through joint, coordinated and sequenced action,” the spokesperson told Cybersecurity Dive. 
It is not clear exactly how the FBI is responding to the Sinclair incident, but the agency has been involved in some operations since earlier this year to disrupt the payment flow of ransomware, which is often done using cryptocurrency. Just this week, Blackmatter announced it was shutting down operations due to pressure from local law enforcement agencies. 
Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.
The biggest and baddest ransomware groups love an easy vulnerability.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.
The biggest and baddest ransomware groups love an easy vulnerability.
Get the free daily newsletter read by industry experts
The free newsletter covering the top industry headlines

source