Sinclair Acknowledges Ransomware Attack Affecting Their Former Seattle Radio Stations

In any kind of ransomware or viral attack, the first thing you need to do is lock down all PCs or file-based systems which could be infected. That can include any and all servers or play-to-air machines running on a production network. When I say locking-down, that means shutting them off and physically disconnecting them from the network. Each machine or system needs to be scanned and potentially rebuilt, or literally junked and replaced with new. Given manufacturers like Dell are quoting 14-16 weeks delivery on workstations and some servers, missing things like sound file playout could be a while longer.
The difference with ransomware vs. old-fashioned viruses is ransomware embeds itself in multiple places and applications, including sound files within a PC or server. Just running an antivirus scan isn't going to find some of the entire infection, which could lead to the ransomware re-replicating itself across a newly built network or machines and applications.
They must have gotten something back online, as KOMO had a new opening on their 11:00 P.M. newscast last night. Another thing that seemed off to me is the regular traffic reporters are missing. I accidentally turned them on about 2 yesterday and it sounded like Taylor VanCise was having to improvise a traffic report. Also notably missing is evening reporter Jay Phillips, replaced with Max Tucker. I don't know if that's related or not, but it sure seems like this has taken out anything outside of that building. Are they still able to link up with ABC at top and bottom of hour? Not being in the market anymore I only listen about 11 for the TV news simulcast, though the streams have been back up for a couple days now.
 
Whew! For a second there I thought you might say the same about a VIC-20!
 
I will say kudos to the team at KOMO. They did a fabulous job of reaching out to advertisers and doing their best to make sure our spots run as ordered. They are hand placing on paper logs, and of course we advertisers have copies of everything how it is supposed to run, which we send back to them, so that creates a workaround. Really impressed with how they are handling it.
 
As an advertiser I wouldn’t have expected anything less. It’s not the advertiser’s problem that the stations’ computer systems were taken down. Provisions should have been in place to ensure normal operations would not be affected by an attack like this.
 
Easy for you to say. It's pretty much impossible these days to ensure an employee isn't going to click on some link, or stick an infected USB drive into their work PC, stopping all your business operations, no matter how many times you tell them not to.
What you so flippantly say is like telling a retail store owner that they should have provisions in place in case a gunman walks up and sticks a gun in their face, robbing their store. The big difference in this example: at least you can see the gunman.
 
Completely invalid comparison. Ransomware is like a dangling carrot - it entices clicking on a link but doesn’t force the click.

Content delivery systems should not be affected at all by what happens in the office. And if that’s not possible for whatever reason, a hot standby backup should be employed. Computers and hard drives are cheap. You may call it flippant but I call it delivering the product as promised.
 
There is a big problem array in that seemingly simple solution:

Stations are constantly updating. The log runs, spots are marked as run. Songs play, they are marked as played. A fill song does not play, it is marked so that it returns to the top of the fill stack on the PD's computer. Weather or traffic reports are constantly being recorded in drive times and updated on the system. New copy is loaded and expired is removed. New spots are put in for new accounts; spots for ongoing ones are replaced with new ones. Transmitter readings are logged. EAS tests are certified. Mike time is logged, and voice tracks are recorded while old ones are removed.

The traffic system is linked to the studio system to insert and revise logs. The billing system is linked to the studio system to certify invoices based on actual times. The program department is linked to add and revise music logs and service elements, often accessible from the programmers' homes or cellular. Engineering is linked to do silence alarm triggers and for tech logs.

And so on. There is more, but you can get the idea.

A backup would have to be run like a NAS that does instant revision every time the main system updates. That is a near-perfect way to protect against a system failure, but it just gives a hacker two or more places to have their ransomware reside. In other words, no protection at all.

And often such ransomware is inserted with a timer function. It may be days before it locks the systems, but in the meantime it has propagated to every backup and every remote computer on the system.

At some point, prevention fails. And that is what hackers work on.
 
Sorry David, I’m not buying your argument.

You don’t need a real-time backup to reflect every single change. You can make it every 24 hours, 18 hours, 12 hours, whatever. And you don’t have to do the entire server on one computer. Put in computers for each of your stations and have them back up just that station’s library. Even a one-day-old backup is better than having nothing at all.
 
Groups, even small ones, centralize today. In many, if not most, traffic, accounting and business functions are not done locally but accessible by the local managers. Music is often centralized, with each station calling a central library.

So the local station just accesses the data off the corporate system.

And, since ransomware is usually placed days or weeks ahead of activation, it is allowed to propagate to all the remote sites and backups. That is the idea: make a restoration nearly impossible so the ransom will be paid.
 
Doesn't matter when backups are done. Once the mal-ransomware gets into even one machine, replication starts immediately. As David mentioned, workflows require traffic to communicate with automation, and automation back to traffic with as-run logs. Depending on the system, as-run logs create affidavits in the business system for generating invoices. Music is also logged for the purposes of audits. Most malware runs as an Easter Egg, waiting for hours or even days before it starts encrypting file folders. Detection isn't always immediate. Delay also ensures the malware gets included in any backup.
 
Okay, so I'm wondering if some of the changes I'm hearing on KOMO were planned before the hack and simply moved up in implementation. The biggest changes I've noticed are that before, they used to have Art Sanders reading headlines then a replay of an earlier interview segment, followed by money, health update, then traffic and weather. Now, at 10:45 they have some segment from ABC that comes in and out rather awkwardly, then commercials, money, and then traffic and weather, followed by a segment from ABC, last night it was political insights, but I've also heard world headlines and entertainment news. The consumer tip has been missing since the hack. Is everything sounding back to normal on any of the other stations yet?
 
I'm hearing they're still dealing with the ransomware issues as Sinclair won't pay the hackers. That's likely behind the changes.
 