Newspapers battle malware as FBI investigates source

A number of U.S. newspapers worked to shore up systems in the wake of a malware attack that disrupted the printing of several days’ editions at the end of December, The Chicago Tribune and others reported. The attack hit Tribune Publishing papers and former Tribune operations that use Tribune systems, including the Los Angeles Times and San Diego Union-Tribune. The malware in question was Ryuk ransomware, according to the paper. The FBI is investigating the attack, the paper said. The Department of Homeland Security is also investigating, according to a spokesperson, Reuters reported.

California-based Check Point Research provided an early analysis of Ryuk in August. Ryuk attacks are targeted, Check Point said, and “some organizations paid an exceptionally large ransom in order to retrieve their files.”

A group linked to Ryuk, Grim Spider, pocketed Bitcoin worth more than $380,000 in December, The New York Times reported. A source familiar with the investigation said there was no ransom demand in association with the December malware attack, the Chicago Tribune said.

There was also “no evidence that customer credit card information or personally identifiable information has been compromised," said a statement from Marisa Kollias, Tribune communications vice president. "The personal data of our subscribers, online users, and advertising clients has not been compromised.”

The attack meant some Tribune Publishing papers went out without classified ads and some paid death notices.

The malware hit all Tribune Publishing papers, including the Orlando Sentinel, the Capital Gazette in Annapolis, and the Baltimore Sun, the papers reported. West Coast editions of The New York Times and Wall Street Journal were also affected, as they rely on an LA Times printing plant, the LA Times said. Some papers used workaround in their early attempts to recover from the attack.

Continue reading here