Increased financial losses for Sinclair as ransomware expenses surpass insurance coverage limits
Sinclair Broadcast Group, a prominent media company owning over 185 television stations, has faced a significant setback following a high-profile ransomware attack in October 2021. The incident, one of the most notable cybersecurity incidents of the year, disrupted the normal operations of several local broadcasts and resulted in substantial financial losses.
The attack, discovered on October 16, led to the encryption of an undisclosed number of servers and workstations within Sinclair's network. Researchers from Recorded Future linked the attack to Evil Corp., a ransomware group sanctioned by the U.S. Treasury Department.
In response to the attack, Sinclair Broadcast Group took immediate action. The company hired John McClure as its first chief information security officer in July 2021. Sinclair also implemented an endpoint detection and response tool and engaged an additional cybersecurity firm to provide continuous monitoring of its network.
To bolster its defences further, Sinclair strengthened its policies related to security incidents and boosted internal security training. The company also instituted a program to evaluate the security of vendors and implemented metrics to help measure the effectiveness of its security programs.
The costs associated with the ransomware attack exceeded the company's insurance coverage, resulting in a recorded $24 million in unrecoverable net losses. Sinclair Broadcast Group incurred additional costs of $11 million related to the attack, and the company lost $63 million in advertising revenue in the fourth quarter due to the disruptions.
The ransomware attack had a ripple effect, causing disruptions to certain aspects of providing local advertisements, as reported by Chris Ripley, president and CEO at Sinclair, during the company's fourth-quarter earnings call.
Following the attack, Sinclair's board of directors created a cybersecurity subcommittee to oversee the company's cybersecurity efforts. The company is also working on a data protection initiative set for deployment later this year and plans to make additional investments in cybersecurity, potentially incurring additional expenses related to incident response.
However, it's important to note that the estimated net loss does not account for any potential litigation or regulatory proceedings.
SentinelOne researchers stated that the group linked to Russia has changed its techniques and branding repeatedly over the years, suggesting that cyber threats continue to evolve and require constant vigilance. Despite the challenges, Sinclair remains committed to maintaining the security and integrity of its network and services.
