A ransomware attack that crippled Sinclair Broadcast Group stations across the country that is continuing to impact news stations across the country was the work of a well-known Russian hacking group, according to Bloomberg News.
The outlet reported that Evil Corp., a group that was previously sanctioned by the US, was responsible for the attack and used a malware virus known as Macaw to take out Sinclair, the second-largest US television station operator, owning or operating 185 stations in 86 markets.
Ransomware locks computer networks until victims pay a fee. Sinclair TV stations across the country could not access graphics, phones, emails video files and more. The company said in a statement on Monday that the attack had caused disruptions to portions of the company, including local advertisements. Additionally, the media conglomerate confirmed that data had been stolen in the attack but had not yet determined what data was stolen.
The attack, which began late last week, was disclosed by Sinclair to the Securities and Exchange Commission as well as the public.
President Joe Biden was heavily criticized in June after he disclosed that he gave Russian President Vladimir Putin a list of 16 "critical infrastructure" entities that were "off limits" to a Russian cyberattack. Critics asked why everything in the US wasn’t "off limits" to Russian cyberattack and slammed the President for being weak on the international stage and on foreign policy.
Critical infrastructure entities discussed included communications, energy, water, health care, emergency, chemical, nuclear, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services. At the time, Biden refused to acknowledge if military action was an option if Russia was found to be responsible for a ransomware attack.
The prime suspect in the attack, Evil Corp. is one of several Russia-linked hacker organization which has been the focus of government investigations and media attention recently. In 2019, the organization was the focus of a multiagency effort after it was alleged that they used malware to steal over $100 million from hundreds of financial institutions and banks in more than 40 countries.
The Treasury Department issued sanctions against 17 people and seven entities associated with Evil Corp. The State Department offered a $5 million reward for information that could lead to the capture and conviction of the group’s leader, Maksim Yakubets.
The REvil hacker organization was linked to the ransomware attack on meat producer JBS USA in May as well as the attack on IT group Kaseya in July, which impacted 1,500 other companies.
Another Russian hacker group called DarkSide, was tied to the ransomware May attack on Colonial Pipeline which led to fuel shortages on the east coast of the US. The high profile attacks prompted Biden’s conversation with Putin.
Against the guidance of the FBI, the companies paid millions of dollars in ransom to resume operations. According to IT security firm Check Point earlier this year, the number of organizations affected by ransomware jumped 102 percent compared to the beginning of 2020 and "shows no sign of slowing down."