Another Day, Another Massive Data Breach and Ransomware Attack

October 27, 2021

Return to Learning Center

TV giant Sinclair Broadcast Group has confirmed that it has suffered a massive data breach and ransomware attack that has crippled its operations and exposed customer data.

Sinclair Broadcast Group said Monday that it's suffered a data breach and is still working to determine what information the data contained. The company said it started investigating the potential security incident on Saturday and on Sunday it identified certain servers and workstations that were encrypted with ransomware. It also found that certain office and operational networks were disrupted. Data was also taken from the company's network.

What we have here is a failure to communicate. That line from the classic movie "Cool Hand Luke" could describe WGFL-CBS4 in Gainesville and its thousands of viewers in North Central Florida. WGFL is among stations owned or operated by the Sinclair Broadcast Group that have been taken hostage by ransomware attackers who have disrupted popular syndicated programming like "Wheel of Fortune" and network favorites like "NCIS," "FBI" and "Young Sheldon." WNBW-NBC9 Gainesville, also a Sinclair property, has seen shows go dark, as well.

The Hunt Valley, Maryland-based company owns and/or operates 21 regional sports network and owns, operates and/or provides services to 185 television stations in 86 markets.

In addition to the two Gainesville stations, Sinclair owns or operates 185 television stations nationwide, carrying all the major networks, and reaching more than 38% of the U.S. television audience. The Tallahassee Democrat reported Friday that Sinclair's Fox, NBC and CW stations in the state capitol were among those whose programming is being held for ransom. The communications giant has had little to say about the ransomware attack that has affected many of its outlets. Sinclair issued a written statement Monday saying the company had "identified certain servers and workstations encrypted with ransomware."

The weekend cyberattack against Sinclair Broadcast Group Inc. was linked to one of the most infamous Russian cybergangs, called Evil Corp., according to two people familiar with the attack. The Sinclair hackers used malware called Macaw, a variant of ransomware known as WastedLocker. Both Macaw and WastedLocker were created by Evil Corp., according to the two people, who requested anonymity to discuss confidential matters. Evil Corp. was sanctioned by the U.S. Treasury Department in 2019.

Data was also taken from the company's network, and Sinclair is trying to determine what was stolen, according to the statement. The company notified law enforcement and engaged legal counsel, a cybersecurity forensic firm and "other incident response professionals."

We hope you enjoyed reading this guide and learned something new! Check out our Learning Center to learn more about online privacy and security or consider subscribing to our Online Privacy Service to remove your phone number, name, and address from Google, Bing, Yahoo, and DuckDuckGo search results and hundreds of data broker sites.