Major US News Outlets Disrupted in Last Weekend’s Malware Attack

Posted on December 31, 2018 at 12:16 PM


The last year was filled with reports of different malware attacks, most of which revolved around DDoS attacks and cryptojacking, which became this year’s largest trends. However, during the final days of 2018, a form of ransomware hit major US news outlets, causing disruptions in their printing schedules, and affecting the published information.

Ransomware Ryuk causes newspaper outlet disruption

According to researchers and news outlets’ own reports, the attack focused on affecting different publications owned by Tribune Publishing group. The news outlets in question include well-known names such as the Chicago Tribune, the Los Angeles Times, Baltimore Sun, and San Diego Union-Tribune.

The attack occurred during the weekend, although Tribune later confirmed that the first signs of disruption were detected on Friday, December 28th. Insiders have stated that the malware responsible for the attack may be Ryuk, a form of ransomware. Ryuk was recognized by the signature “.ryk” extension on the corrupted files.

After entering Tribune’s systems, Ryuk supposedly compromised the software which is crucial to producing and printing news. As the company owns a number of different publications throughout the country, many of them ended up being affected by the attack. Marisa Kollias, a spokeswoman for Tribune Publishing, revealed that the attack disrupted the printed newspapers, mostly affecting timeliness and completeness of the papers. However, Kollias also confirmed that mobile apps and websites were not affected in the attack.

One example of disruption can be seen in the Chicago Tribune’s Saturday edition, which lacks paid death notices, as well as classified ads. The publication most affected by the attack seems to be South Florida Sun Sentinel, which had to shut down its entire newspaper production temporarily. Not only that, but the impact also affected their phone lines. Because of this, everyone who attempted to get information by calling the media outlet received a message that the number is out of service.

Fortunately, Tribune Publishing’s spokeswoman confirmed that customers’ credit card data was not compromised, and the same goes for other personally identifiable data. In fact, it is believed that the attack focused on disruption, rather than data theft. After noticing the incident, Tribune Publishing notified the FBI, and while the investigation is still in progress, they confirmed that resolving the issue and identifying the responsible parties are underway.

The malware was already known to researchers

According to reports, it is currently unknown who is responsible for the attack, or what the motivation behind it was. As mentioned, the attack focused on disruption, although it is unclear whether it was random, or if it was conducted with a specific purpose in mind. The malware, identified as Ryuk, is also relatively new, being noticed by Check Point Research earlier this year. Since then, it has attacked several large organizations, both in and out of the US.

It is believed that these attacks were performed by the Lazarus Group, which operates from North Korea. However, the attack on different news outlets could have just as easily been launched by a third party. September reports confirmed that the malware is spreading through malicious spam and that it is created specifically for each victim. Reports such as these indicate that the attack on Tribune Publishing might not be random after all.

Meanwhile, the Department of Homeland Security’s spokesperson stated that they have some knowledge of the situation. Even so, further investigation is necessary before any solid claims can be made.

Publisher Name
Koddos