Ryuk Ransomware suspected in the cyberattack on US Newspapers
- Several major newspapers in the US were hit by a massive cyberattack, as a result of which printing and distribution of newspapers were delayed on Saturday.
- Insider sources suggest the use of Ryuk Ransomware in the cyberattack.
Major newspapers in the US suffered a massive cyber attack which caused printing and delivery disruptions over the weekend. The affected newspapers include the Los Angeles Times, New York Times, Wall Street Journal, and the San Diego Union-Tribune. Moreover, the cybercriminals behind the attack are suspected to have used the Ryuk Ransomware.
The incident reportedly impacted printing centers operated by Tribune Publishing and former Tribune Publishing property, the Los Angeles Times, as a result of which almost all Tribune Publishing newspapers were impacted to a certain extent.
Tribune Publishing said that malware was detected on its servers on December 28, 2018. The San Diego Union-Tribune which called it a virus, said that most subscribers did not receive their Saturday morning paper because of the attack.
The attack led to printing and distribution delays at the Chicago Tribune, Ft. Lauderdale Sun-Sentinel, Baltimore Sun, and stymied the distribution of the West Coast editions of the Wall Street Journal and New York Times, which are all printed at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles.
The LA Times cited an inside source at its former parent company who claimed the printing outage was caused by an infection with the Ryuk ransomware. The L.A. Times, citing a "source with knowledge of the situation," said on 29, December 2018, that the cyber attack "appears to have originated from outside the United States."
A Tribune Publishing spokesperson said that she couldn't confirm the ransomware infection, however, she confirmed that the incident was caused by "malware".
An internal memo from Tribune CEO Justin Dearborn on Saturday referenced the "malware" and said, "we are making progress with this issue," as per the report by CNN Business.
"There is no evidence that customers’ credit card information or personally identifiable information has been compromised," Dearborn wrote. It should be noted that the websites of Tribune's newspapers were not affected.
The Ryuk ransomware which emerged in mid-August was first described in a Check point report. This ransomware has attacked various organizations worldwide. It’s victims include the major Canadian restaurant chain Recipe Unlimited as well.