Sinclair Broadcast Group Inc. confirmed today that it was targeted by a ransomware attack that disrupted its network of local television stations.

The suspicion that a ransomware attack may have targeted the company was first raised on Sunday when TV broadcasts went off-air. The attack also took down the Sinclair internet corporate network, email servers and phone servers.

In a statement, Sinclair said that the ransomware attack was first detected on Oct. 16 and affected certain office and operational networks. Data was also stolen from the company, suggesting a so-called double-tap ransomware gang was involved.

Sinclair said that upon detection of the attack, it implemented its incident response plan, took measures to contain the incident and launched an investigation. The company also engaged legal counsel, a cybersecurity forensics firm and other incident response professionals. Ticking off the standard response list, Sinclair said it had also notified law enforcement and other governmental agencies.

The company noted that while it is actively managing the event, the attack may continue to disrupt parts of the company’s business, including the provision of advertising to its local broadcast stations.

Sinclair did not disclose the form of ransomware. Bleeping Computer, referring to sources at the company, reported that the ransomware attack shut down Active Directory services for the company’s domain, leading to widespread disruption.

“Somehow, the attack didn’t spread to Sinclair’s ‘master control’ broadcast system, so if it was network segmentation or a higher level of protection and care for the ‘crown jewels,’ those are good practices to emulate,” Bill Lawrence, chief information security officer at risk management acceleration platform provider SecurityGate Inc., told SiliconANGLE. “Also, they lost their internal network, email, phones, along with local broadcasting systems.”

Lawrence explained that without the ability to use email or make phone calls, “it would be hard for them to order a pizza together, much less work on business continuity. Out-of-band, encrypted communications, with apps such as ArmorText or Signal, set up and practiced before they are direly needed, can help immensely.”

Ron Bradley, vice president at third-party risk management firm Shared Assessments, noted that this is just another example of threat actors taking advantage of soft targets.

“Generally speaking, you don’t see big banks being held hostage to ransomware attacks because they have taken precautions to secure their perimeter, minimize their blast radius, and control internal lateral movement if a breach were to occur,” Bradley explained. “The sad part of the story is, many small and medium-sized businesses don’t have the wherewithal, both financially and technologically, to protect their assets.”

Photo: Mayland GovPics/Flickr