Several major U.S. newspapers reported they were victims of production-disrupting cyber attacks on or around the holidays.
On December 29, the LA Times noted that an unknown actor used what experts believe to be Ryuk ransomware to infect systems needed to publish the newspaper, including computers that store the news stories, photographs and administrative info.
As a direct result, the newspaper was unable to publish the print edition for December 29th on time.
The LA Times wasn’t the only media outlet to suffer such a disruption.
The Hartford Courant, Chicago Tribune, The Baltimore Sun and other publications owned by Tribune Publishing all experienced similar incidents around the same time frame.
Tribune Publishing sold the LA Times earlier this year, but still provides printing services to the publication as part of its transition process.
What Is Ryuk Ransomware?
Ryuk ransomware is a family of ransomware known for its targeted attacks against various enterprises.
Check Point tracked the threat for a period of two weeks in the summer of 2018. Although its ransom demands ranged from fifteen to fifty bitcoin, Ryuk managed to generate $660,000 for its operators over that short span of time.
Unlike other malware families distributed by exploit kits and large spam campaigns, Ryuk represents a whole new generation of targeted ransomware.
It now joins the ranks of SamSam, which had caused $40 million in losses to victims and collected $9 million in ransom payments for its operators as of November 2018, according to the U.S. Department of Justice (DOJ).
These targeted attacks were part of why Europol said in 2018 that ransomware remains the major malware threat facing organizations.