KOMO TV still feeling the effects of a weekend attack on corporate parent’s computers

Molly Shen delivers the 11 a.m. KOMO News broadcast amid technical difficulties on Tuesday, after KOMO’s parent company, Sinclair Broadcasting Group, was the victim of a ransomware attack. (Screenshot via KOMO)

Two days after a suspected ransomware attack disrupted operations at KOMO TV and its parent company, Sinclair Broadcasting Group, the Seattle TV station was still feeling the effects.

Maryland-based Sinclair, said to be the second largest TV station operator in the United States, disclosed Monday that some of its computer systems had been struck by a malicious program, known as ransomware, that had caused problems at several stations.

Cybercriminals typically use ransomware to steal data and take over victims’ computer systems, and then demand payment before restoring operations.

The attack KO’d KOMO’s broadcast on Sunday morning. “Hello everyone, We are not on the air this morning due to technical difficulties,” tweeted weekend co-anchor and meteorologist Theron Zahn shortly after 7 a.m.

An emailed statement Tuesday from a Sinclair spokesperson offered no details about the attack, which the company said was under investigation by an outside cybersecurity forensic firm. Sinclair said it was “working around the clock to quickly and securely restore business operations that have been disrupted, and to help minimize disruption to our viewers.”

But as of Tuesday morning, some KOMO TV operations remained glitchy.

An archived copy of Tuesday’s 11 a.m. news broadcast showed few of the show’s usual glitzy graphics, and cuts between segments were sometimes rough.

During a story on vaccination rates among Seattle city employees, the screen showed only a still shot of the city skyline as anchor Holly Menino recited detailed statistics. When anchor Molly Shen explained the reasons behind the technical issues and asked for viewer patience while problems were fixed, the video feed appeared to freeze for several seconds.

“It’s still obvious they’re struggling,” said Grant Jenkins, a Seattle resident and longtime KOMO watcher. “They’re still not back to normal.”

Efforts to reach the local KOMO operation via phone and email were not successful.

The weekend attack also disrupted operations at several former Sinclair radio stations, including KPLZ-FM, KOMO News Radio and 570 KVI, according to media reports. Although Sinclair recently sold the radio stations, their operations are still housed at KOMO Plaza at 5th Avenue and Denny Way in Seattle, according to media reports.

Sinclair Broadcasting, which owns, operates or provides services for 185 television stations in 86 markets, declined to say how many stations were affected by the attack.

But The Washington Post reported Monday that at least six stations had suffered outages, including KOMO, KHQA in Hannibal, Miss.; WLUK Fox 11 in Wisconsin; CBS Channel 6 in Albany, N.Y.; and KATU, which broadcasts to Portland and Southwest Washington.

Sinclair reported the breach in a filing with the U.S. Securities and Exchange Commission.

Sinclair said it had detected “a potential security incident” on Saturday and identified disruptions in “certain office and operational networks” the following day. The company also acknowledged that data had been taken from its network and added that it was “working to determine what information the data contained and will take other actions as appropriate based on its review.”

Information from The Washington Post is included in this article.

Paul Roberts: proberts@seattletimes.com