Media organization Sinclair Broadcast group allegedly falls victim to ransomware attack, joining the list of affected media entities.
In a recent turn of events, Sinclair Broadcast Group, one of the largest local news providers in the U.S., has confirmed a ransomware attack over the weekend, according to a regulatory filing with the Securities and Exchange Commission. The attack is linked to the Macaw malware variant, which is associated with the WastedLocker ransomware strain.
The attack encrypted a number of workstations and servers inside the company, leading to disruptions of several local broadcasts and impacting internal office functions. Sinclair is working to securely restore operations but cannot yet determine whether the attack will have a material impact on its business, operations, or financial results. The attack is also impacting the provision of local advertisements by local broadcast stations on behalf of the company.
If an attacker can impact broadcasts, the company is much more willing to pay a ransom to get its systems back up and running. However, it's essential to note that Sinclair, like many other companies, is not obligated to publicly disclose a ransomware attack unless it's a particularly severe incident affecting sensitive data or critical infrastructure.
Typical Procedures in Ransomware Attacks in the USA
When a US-based company like Sinclair Broadcast Group becomes a victim of a ransomware attack, it is not required to make public disclosures – unless it's a particularly severe incident affecting sensitive data or critical infrastructure. Nevertheless, many companies choose to make voluntary disclosures or are outed by media (and sometimes by the attackers themselves). Regulatory bodies are usually informed only when external consultation or legal action is necessary.
Possible Regulatory Bodies Informed
- FBI (Federal Bureau of Investigation): The primary point of contact for companies to report cybercrime, including ransomware.
- CISA (Cybersecurity and Infrastructure Security Agency): For critical infrastructures – a large media conglomerate like Sinclair could report to CISA, especially if it is part of the critical infrastructure.
- Secret Service: In certain cases, especially when there are financial implications or money laundering offenses.
- Attorney General’s Office (state or federal): Depending on the state.
- State & Local Law Enforcement: Such as local police or cyber units, to file a report.
- IC3 (Internet Crime Complaint Center): An FBI complaint centre where victims of online crimes can report incidents.
Publicity and Media
Many companies, like Sinclair, choose to avoid extensive public reporting due to image concerns. Initially, specialist media or cybersecurity blogs report on incidents before the company itself makes a statement.
Conclusion
Concrete information about whether and to which regulatory bodies Sinclair Broadcast Group has reported the ransomware attack is not publicly known. The company has not yet made any public statements regarding this matter. In the event of a confirmed incident, the FBI would likely be the first point of contact, followed by other regulatory bodies such as CISA or local law enforcement agencies.
As more information becomes available about this incident, we will keep you updated!
