Sinclair Broadcast Group says ransomware incident not ‘fully resolved’ weeks after breach

The extent of the incident remains unknown, the company said.
A sign for the Sinclair Broadcast building is seen in a business district October 12, 2004 in Hunt Valley, Maryland. (Photo by William Thomas Cain/Getty Images)

The ransomware attack on conservative broadcasting giant Sinclair is still causing problems, the company reported in a U.S. Securities and Exchange Commission filing Wednesday.

Noting that the investigation is ongoing, the notice reports that the Oct. 17 intrusion “has not yet been fully resolved, and certain disruptions to … business and operations remain.” The full extent of the impact on Sinclair’s “business, operations and financial results is not known at the present time.”

Employees of the Maryland-based company — which is the second-largest broadcast company in the U.S., owning or operating 185 television stations in 85 markets, multiple national networks, and 21 regional sports network brands — reported at the time that the attack had caused “major technical problems” and made it difficult for some stations to get on the air. The company also reported that hackers had taken data in the attack.

“Our employees’ quick response and creative workarounds have helped us restore a significant portion of our systems,” Chris Ripley, the company’s president and CEO, said in the filing. “As we work to complete our investigation, we will look for opportunities to enhance our existing security measures.”


A statement issued by the company initially reported that local advertisements had been impacted, but didn’t offer any additional detail. The Wednesday filing notes that although the company has insurance to “cover losses related to cybersecurity risks and business interruption, such policies may not be sufficient to cover all losses.”

Evil Corp, a prolific Russian cybercrime group that has been sanctioned by the US government, is believed to be behind the breach.

Researchers blamed the group, saying it had used a new strain of malware called Macaw to target Sinclair, perhaps as a means to facilitate payments from U.S. targets that would otherwise be barred from paying ransoms. Macaw, which had also been used to target Japanese technology manufacturer Olympus just days before Sinclair, was the latest iteration of Evil Corp-associated malware, building off previous strains such as WastedLocker and others, researchers told CyberScoop.

A Sinclair spokesperson did not immediately respond to a request for comment Wednesday.

Latest Podcasts