Sinclair Broadcast Group hit with ransomware attack

There have been at least two major ransomware attacks in the U.S. this year.

Sinclair Broadcast Group, which owns almost 300 stations across the country and provides local news services, was the victim of a ransomware attack over the weekend, the company announced in a Securities and Exchange Commission filing on Monday.

"On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted," the filing says. "Data also was taken from the Company's network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review."

The company warned that while the incident is actively being managed, "the event has caused – and may continue to cause – disruption to parts of the Company's business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely."

Sinclair Broadcast Group says it can't determine whether the event will have a material impact on business operations and that the investigation is ongoing.

It is not known who is behind the cyberattack or whether Sinclair Broadcast Group paid the ransom.

The company responded to ABC News with a statement similar to what was in the SEC filing, and the Cybersecurity and Infrastructure Security Agency referred ABC News to Sinclair.

Two major ransomware incidents targeting critical infrastructure sectors in the United States have occurred already this year.

Meat supplier JBS, which was the victim of a ransomware attack over Memorial Day weekend, paid $11 million in bitcoins to the hackers that penetrated their system, the company announced.

The FBI attributed the cyberattack to REvil and Sodinokibi, two criminal organizations thought to be based in Russia.

Colonial Pipeline, which transports approximately 45% of all fuel consumed on the East Coast, paid millions of dollars to the cybercriminal group DarkSide following a ransomware attack in May that led the pipeline to briefly shut down its operations, according to court documents. The Justice Department announced it successfully seized some of the cryptocurrency that Colonial paid to the hackers.

The Darkside criminal organization operates in Eastern Europe and Russian intelligence has been known to cooperate with Eastern European cybercriminals in the past.

Both the Director of the FBI Christopher Wray and Secretary of Homeland Security Alejandro Mayorkas touched on the cyber threat, including dark web efforts to hack and sell people's personal information, before a congressional panel in September.

Mayorkas noted that ransomware incidents were up in 2020.

"Last year, victims paid an estimated $350 million in ransoms, a 311% increase over the prior year, with the average payment exceeding $300,000," he said.

Wray said the FBI was investigating over 100 incidents of ransomware.

Cybersecurity and Infrastructure Security Agency Director Jenn Easterly called the ransomware problem an "epidemic" that will require international help and cooperation.

"If a highly dedicated, sophisticated state actor wants to own you they will, but there are things that people can do to keep themselves safe," she explained.

The CISA director said over 90% of successful cyberattacks occur because of a phishing email and urged companies to prepare for disruption.

Mayorkas said it is difficult to locate and apprehend cybercriminals, but that DHS is "bringing additional and increasing resources to that effort."