Ransomware suspected in cyberattack that crippled major US newspapers

newspapers.jpg

The Ryuk ransomware strain is the primary suspect in a cyberattack that caused printing and delivery disruptions for several major US newspapers over the weekend.

More security news

The attack reportedly affected printing centers operated by Tribune Publishing and former Tribune Publishing property, the Los Angeles Times.

All Tribune Publishing newspapers were impacted to some degree by the cyber-attack.

The print editions of the Chicago Tribune, Lake County News-Sun, Post-Tribune, Hartford Courant, Baltimore Sun, Capital Gazette, and Carroll County Times were published Saturday without paid death notices and classified ads, according to the Chicago Tribune, Hartford Courant, and Baltimore Sun.

In other markets a similarly slimmed-down version of the Saturday newspaper will be delivered a day late, on Sunday, the three newspapers also reported.

Former Tribune Publishing west coast newspapers the Los Angeles Times and San Diego Union Tribune —sold earlier this year, in February— suffered similar outages.

“The attack delayed distribution of Saturday editions of the Los Angeles Times and San Diego Union Tribune,” the LA Times said on Saturday.

“It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are printed at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles,” the newspaper added.

The LA Times cited an inside source at its former mother company who claimed the printing outage was caused by an infection with the Ryuk ransomware.

This type of ransomware was first described in a Check Point report published over the summer. The ransomware is primarily deployed in targeted attacks on high-value targets with the hopes of netting cyber-criminals profits from companies that can’t afford a major downtime. Previous Ryuk ransomware victims include major Canadian restaurant chain Recipe Unlimited.

A Tribune Publishing spokesperson didn’t confirm the ransomware infection, but did say the incident was caused by “malware.” The same spokesperson said that websites and mobile applications of its newspapers weren’t affected.

Tribune Publishing is one of the US’ biggest media groups, owning several major newspapers such as the Hartford Courant, The Morning Call, The Baltimore Sun, The Virginian-Pilot, Daily Press, Chicago Tribune, Orlando Sentinel, Sun Sentinel, NY Daily News, Tidewater Review, Capital Gazette, Carroll County Times, and The Virginia Gazette, among others.

Related cybersecurity coverage:

READ MORE HERE