Tribune Publishing Co. an American newspaper print and online publishing company located out of Chicago, Illinois, has been targeted in a malware attack. Tribune Publishing is America’s third largest newspaper publisher and has some notable press companies in its client base, including the Chicago Tribune, and the New York Daily News.
The malware virus infected Tribune Publishing’s computer systems, and caused disruption including missing pages, it prevented certain editions being printed and in some cases caused the entire newspaper to not be printed. These systems are shared with other major newspapers and so affected their printing as well. Those affected include the New York Times, and the Southern California editions of the Wall Street Journal, among others.
The cyber attack is thought to have begun on Thursday 27th December, and one day later on the 28th, had spread to the critical systems involved in printing the newspapers. According to anonymous sources close to the issue, it appears the attack stems from Ryuk Ransomware, however further details about the attack have not been officially released.
What is Ryuk Ransomware?
Ryuk Ransomware is a somewhat unusual or atypical form of ransomware in terms of its methods. Typically ransomware works by a mass emailing or spamming campaign, with the goal of reaching as many people as possible and as such generating as much profit as possible for the attackers. With traditional ransomware, the code or software element of the attack in which the victim’s system is infected is not usually targeted, but rather designed with the aim that it will work on most users computers. Ransom notes in poor or non-native level English are also common.
This is not the case for Ryuk Ransomware, the software is highly targeted and tailored, designed to only affect specific systems and requires a high degree of manual input from the attackers. It is also common to see well worded and long messages accompanying Ryuk Ransomware attacks. The sophisticated of Ryuk has led to speculation that it is connected to the Lazarus Group.