Sinclair TV station hit by ransomware attack, nationwide chaos

Sinclair formally announced in SEC documents that it was hit by a ransomware attack.

On October 16, 2021, we identified a potential security incident and initiated actions for investigation and containment.

On October 17, 2021, we confirmed that certain servers and workstations in our environment were encrypted with ransomware and that certain office and business networks were destroyed.

Data was also taken from our network.

We are reviewing what information was contained in the data and will take appropriate action based on our findings.

Sinclair’s internal network, email servers, phone service, and local TV broadcast systems appear to have been shut down.

Tweets from viewers and TV stations indicate that as a result of the attack, many channels were unable to broadcast morning shows, news and NFL game schedules.

“Internally, it’s a disaster,” according to a source who heard details of the attack in a private conversation.

While this attack may have been a stand-alone attack, it appears that the attackers were also able to reach the broadcast system of a local television station because many parts of Sinclair’s IT network were interconnected through the same Active Directory domain.

But because the “master control” part of Sinclair’s broadcast system was not attacked, Sinclair was able to replace scheduled local programming on the affected channels with national broadcasts, and at least some of the channels were able to continue broadcasting. At least some channels were able to continue broadcasting.

The incident occurred after Sinclair implemented a company-wide password reset for IT resources shared by local stations in July due to a “potentially serious network security issue.”


It is unclear how many Sinclair TV stations are currently affected, but Sinclair spokespeople are unable to be reached by email or phone as these systems are down following the attack.

The Sinclair Broadcast Group is a diversified media company and a leading provider of local sports and news.

The company owns and operates 21 regional sports network brands, owns, operates and services 185 television stations in 86 markets, and owns several national networks, including Tennis Channel and Stadium. It has television stations affiliated with all major broadcast networks.

Sinclair’s content is available through multiple platforms, including broadcasters, multi-channel video programming distributors, and digital streaming platforms NewsOn and STIRR.

Also, the Hulu support Twitter account has been all over the place in responding to the problems caused by the Sinclair incident, and there are signs of a major outage that is still ongoing.

It is not that uncommon and has happened in the past that major TV and radio stations have been hit by ransomware attacks that have shut down live broadcasts, past incidents are listed below.

Cox Media Group (June 2021)
France’s M6 (October 2019)
Entercom (September 2019)
The Weather Channel (April 2019)

This attack is expected to be a major blow to Sinclair, as local stations will lose advertising revenue until they regain control of their broadcast systems.

Leave a Reply

Your email address will not be published.