Some of America’s best-known newspapers suffered a cyberattack over the last weekend of 2018. Malware affected the Tribune Publishing network and papers that share the same production platform. The cyberattack led to delayed Saturday editions, and according to a spokesperson from the Los Angeles Times, the matter has not been completely resolved.
Newspapers Affected by the Attack
The publications affected within the Tribune Publishing network include the Wall Street Journal, New York Times, Los Angeles Times, and Chicago Tribune. Other affected newspapers include the Baltimore Sun, Lake County News-Sun, Post-Tribune, Hartford Courant, Capital Gazette, and Carroll County Times.
“Every market across the company was impacted,” said Marisa Kollias, a spokeswoman for Tribune Publishing.
Malware Responsible for the Attack
A statement from the Tribune explaining the cyberattack informed the public that it was caused by a computer breakdown. The publications offered further details in a subsequent article, which said the outage was due to “a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country.”
Initial evidence and several unnamed sources close to the investigation suggest that Ryuk ransomware is responsible for the cyberattack. One insider directly connected to Tribune Publishing said that encrypted files on infected computers had the extension ‘.ryk’ appended.
Ryuk ransomware came onto the cybersecurity scene in August 2018, when it was reported to have made over $640,000 in Bitcoin for its creators. Ryuk is typically used in targeted attacks carried out through phishing campaigns; however, it can also be deployed through insecure remote desktop connections.
Tribune’s Response
In our opinion, the Tribune did a great job responding to this cybersecurity incident. The Tribune’s top executive, CEO Justin Dearborn, released an initial statement immediately informing users of the incident. Employees at the company also created “workarounds” to get the Saturday editions printed and out to subscribers.
In a subsequent statement, Dearborn reassured users: “There is no evidence that customer credit card information or personally identifiable information has been compromised.”
Ironically, the websites of the affected newspapers were never impacted.
As with most cybersecurity incidents, further details will emerge as the investigation progresses. If you subscribe to a newspaper within the Tribune network, it would be a good idea to keep up with the story as new details come to light.