The Ryuk ransomware is the main suspect in the malware attack that affected the delivery of several newspapers in the US on December 29. The attack targeted the company Tribune Publishing and is believed to have come from outside the US.
As the Los Angeles Times reported, “technology teams worked feverishly to quarantine the computer virus, but it spread through Tribune Publishing’s network and reinfected systems crucial to the news production and printing process. Multiple newspapers around the country were affected because they share a production platform”.
Some of the newspapers affected were the Los Angeles Times, the San Diego Union Tribune, the Chicago Tribune, the Wall Street Journal and the New York Times. According to Tribune Publishing, subscriber information has not been compromised.
“This would be the first known attack on major newspaper printing operations, and if politically motivated, it would define new territory in recent attacks on the media,” an article in the New York Times pointed out.
The information that the attack was caused by the Ryuk ransomware came from someone inside Tribune Publishing who isn’t authorized to speak. According to this person, the compromised files carried the extension ".ryk". The company wouldn’t confirm the information.
Unlike other ransomware that is spread through massive email (spam) campaigns, Ryuk has been used in specific, targeted attacks. It challenges business security because it is a targeted and advanced threat, and its use has been connected to hacking groups in North Korea.