Sinclair Still Working To Restore Systems After Ransomware Attack

Larry Wentz anchoring the news on Sinclair's KMEG this week

A week after suffering a major cyberattack over the weekend, Sinclair Broadcast Group said it is still working to restore disrupted systems.

The company said all of its stations and regional sports networks were on the air and that network shows and major sports programming were being broadcast.

“A large portion of other programming has and is airing as scheduled, and all our news stations are providing news programming to our viewers,” the company said in a statement.

Sinclair is “still working to return to our complete regular programming schedule and to resolve all programming issues that may arise,” the statement said.

On social media, staffers at Sinclair stations have tried to explain to viewers why local newscasts look different this week, with limited graphics and video playback.

At KMEG-TV in Sioux City, anchor Larry Wentz started a newscast noting that his co-anchor, Katie Copple, “is holding things together behind the scenes as we continue to try to recover from a hacking attack that happened to us this weekend.”

In a post on Facebook Thursday night entitled “Don’t worry! I’m still here!,” Copple said, “I know you haven’t seen me all week on Siouxland News at 9 and 10, but for a very important reason.”

Copple explained that Sinclair, which owns KMEG, was hit by a cyberattack, which “took out many of our resources we use to bring you the news each night. Because of this, we’ve had to come up with new ways to do the news.”

“I’ve been working with my dedicated colleagues behind-the-scenes to keep us up and running, leaving Larry on the desk this week. I hope to be back very soon,” Copple told followers.

On Friday morning, Bob Herzog, a morning anchor at WKRC-TV in Cincinnati, described some of the challenges the station was facing via Facebook.

“At first there was no email, no phones, the software we use for putting newscasts together was kaput. Only through the Herculean/MacGyver-ish efforts and ingenuity of the many fine people here at Local 12 have we been able to keep putting newscasts on the air,” Herzog said.

“Now, despite pushing forward, there have been limitations,” Herzog said. “Accessing video, editing and using graphics and animations have been things that have gradually been coming back but there is a ways to go,” he said.

He noted that some people who stream the station have not been able to watch, and that viewers of the part of Good Morning Cincinnati that appears on WSTR-TV, which Sinclair operates under a management agreement, from 7 a.m. to 9 a.m. are getting it only from 7 to 7:30, with Sinclair’s The National Desk airing the rest of the time.

“We hope to have that situation resolved soon but I don’t have a timeline for you. I’ll let you know when I know,” Herzog said.

Sinclair said it “continues to work diligently to restore the business operations that were disrupted by the recent cybersecurity incident. We are bringing the systems involved back online quickly and securely, and in a way that prioritizes critical business operations.”

Some reports have linked the Sinclair cyberattack to Evil Corp., a Russian gang. Experts said that the hackers used malware called Macaw, a variant of WastedLocker. Both Macaw and WastedLocker were created by Evil Corp., according to security experts quoted by Bloomberg.

“To ensure the integrity of our ongoing investigation, we are not able to provide specific details at this time. Doing attribution in a security incident is complicated and can be speculative,” Sinclair said in a statement. “Our focus remains on continuing to work closely with a third-party cybersecurity firm, other incident response professionals, law enforcement and governmental agencies as part of our investigation and response to this incident.”