Sinclair Broadcast 'Disrupted’ by Ransomware Attack

A still unknown ransomware group hacked the controversial TV giant Sinclair, causing disruptions at several channels across the United States.
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The TV giant Sinclair Broadcast Group said it was hacked. According to a press release on Monday, the company said it detected a ransomware attack on Saturday. The hackers encrypted "certain servers and workstations," stole data, and disrupted some of its TV stations, according to the announcement.


Sinclair calls itself "the largest and most diversified television broadcasting company in the country," operating and owning more than 600 U.S. TV channels. The ransomware attack appears to have interfered with several broadcasts across the country on Sunday, as reported by the cybersecurity news site The Record

In its press release, the company said the hack caused some disruptions. 

"While the Company is focused on actively managing this security event, the event has caused—and may continue to cause—disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers," Sinclair wrote in the press release. 

"Sinclair Broadcast Group recently identified a cybersecurity incident involving our network. As a result of the incident, certain devices were encrypted with ransomware, data was taken from our environment, and certain business operations have been disrupted,” A Sinclair spokesperson told Motherboard, but declined to say how many stations had programs disrupted by the hack. “Senior management was notified, and we implemented our incident response and business continuity protocols, took measures to contain the incident, and launched an investigation. A cybersecurity firm that has assisted other companies in similar circumstances was engaged, and law enforcement and other governmental agencies were notified.”


Do you have more information about the ransomware suffered by the Sinclair Broadcast Group? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email

In the last few years, the company has aggressively attempted to expand its already massive empire with a controversial and failed acquisition of Tribune Media. Regulators worried that the deal would allow Sinclair to control too big a share of the local U.S. news media. Sinclair and its TV stations have long been criticized for being too politicized and pro-Trump

Hackers have targeted TV stations before. Other recent victims of ransomware attacks include The Weather Channel, and Cox Media Group

But it's not just ransomware gangs. In June of 2017, hackers allegedly working for the United Arab Emirates government partially took over the live broadcast of the state-owned Qatar News Agency, showing made up quotes for the country's leader, the Sheikh Tamim bin Hamad Al Thani. In 2015, Russian government hackers, pretending to be a ISIS-linked group, hacked the French TV5Monde and forced multiple channels to go dark.  

Long before organized cybercrime and government hackers, mysterious hackers  have disrupted TV broadcasts. Perhaps the most famous example of this is the 1987 "Max Headroom" hack. In the span of two hours, someone took over Chicago's Channel 9's Nine O'Clock News for thirty seconds, and then Channel 11, the PBS affiliate WTTW for one minute and 21 seconds, replacing the broadcasts with a creepy, distorted, and rambling version of Max Headroom, the character of a 1980s movie and TV series. More than 30 years later, we know very little about who was behind the hack, and how they pulled it off, making it one of the most mysterious and tantalizing hacks ever. 

Subscribe to our new cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.