Sinclair Broadcast Group suffers ransomware attack, the latest affecting media

One of the country's largest television broadcast companies suffered a ransomware attack over the weekend, bringing down an indeterminate number of its stations.

Sinclair Broadcast Group, a major television news and media provider, confirmed Monday that it was the victim of a ransomware attack that “disrupted” some office and operational networks.

The attack apparently caused widespread technical difficulties and made it difficult for some stations to go on the air. Attackers also data from the company’s network, according to a U.S. Securities and Exchange Commission filing.

The Maryland-based company began to investigate the attack on Saturday, Oct. 16, and by Sunday “identified that certain servers and workstations in its environment were encrypted with ransomware,” the company said in the filing. The incident comes after separate extortion events affected television stations owned by Cox Media Group, while attackers also have struck small newspapers in the U.S.

“We are working diligently to address the incident and to restore operations quickly and securely,” the company said in a statement. “As we work to complete the investigation, we will look for opportunities to enhance our existing security measures. We appreciate your patience and understanding as we work through this incident.”


Sinclair is the second-largest TV station operator in the U.S., and owns or operates 21 regional sports network brands, 185 television stations in 86 markets, along with multiple national networks. The company has emerged as a force in local and community news, through media observers have accused Sinclar of pushing a coordinated politically conservative agenda in the past.

“While the Company is focused on actively managing this security event, the event has caused—and may continue to cause—disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers,” the company said in the filing.

The company was dealt with another cyber incident in July. Details about that incident are sparse, but it was reported at the time that a company official advised all of the companies’ stations’ to reset administrative passwords in response to a “security breach.”

The Record, which first published details of the attack on Sunday, reported that the attack “took down” the internal corporate network, email servers, phone services, and the broadcasting systems” of an undetermined number of local TV stations.

Update, 10/18/21: To include a statement from a Sinclair spokesperson.

AJ Vicens

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

Latest Podcasts