'Ryuk Ransomware' suspected to be targeting major US newspapers

In December, several of the most widely circulated newspapers in the United States are suspected to be targeted by the Ryuk Ransomware, which have reportedly originated on foreign land. The attack reportedly affected printing centers operated by Tribune Publishing and former Tribune Publishing property, the Los Angeles Times. If something isn’t done to protect it, we could be heading towards a future in which we would not be able to read anything in print.

The malware prevented editors from transmitting pages of the papers to printing presses, and it delayed the scheduled printing and delivery of the Saturday editions of several newspapers, including The New York Times and The Wall Street Journal.

Nobody is sure of the source of the attack, but several people with inside knowledge of Tribune told The Los Angeles Times that the attack appeared to be the Ryuk ransomware. Experts have linked this software to groups in North Korea and Eastern Europe, but for now, all that The Los Angeles Times has confirmed is that the attack appears to have originated from outside the U.S.

As the name implies, ransomware attacks are typically financially motivated — attackers disrupt a company’s operations and demand a ransom to end the disruption — but neither Tribune Publishing nor The Los Angeles Times has reported any ransom demand. An anonymous source told The Los Angeles Times that the attackers didn’t appear to steal any information either.

That means a likely motivation behind the attack was preventing newspaper readers from getting their news — and that is highly troubling. But a news article in The Los Angeles Times, and one outside computer expert said that the attack shared characteristics with a form of ransomware called Ryuk, which was used to target a North Carolina water utility in October and other critical infrastructure. Some experts have linked that malware to a sophisticated North Korean group, but CrowdStrike, a security firm that has been tracking the group behind Ryuk, said it believed cybercriminals in Eastern Europe were responsible.

In other markets a similarly slimmed-down version of the Saturday newspaper had to be delivered a day late. On Sunday, three other newspapers reported similar outrages.

"The attack delayed distribution of Saturday editions of the Los Angeles Times and San Diego Union Tribune," the LA Times said on Saturday.

"It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are printed at the Los Angeles Times' Olympic printing plant in downtown Los Angeles," the newspaper added.

The LA Times cited an inside source at its former mother company who claimed the printing outage was caused by an infection with the Ryuk ransomware.

This type of ransomware was first described in a Check Point report published over the summer. The ransomware is primarily deployed in targeted attacks on high-value targets with the hopes of netting cyber-criminals profits from companies that can't afford a major downtime. Previous Ryuk ransomware victims include major Canadian restaurant chain, Recipe Unlimited.

Just this month, a majority of Americans admitted for the first time that they prefer to get their news from social media platforms than from traditional print newspapers. While the latter sources are held to journalistic standards that place a premium on fact-checking and context, the former are notoriously rife with misinformation and bias.