Major US newspapers crippled by Ryuk ransomware attack

All Tribune Publishing newspapers, as well as US-printed newspapers formerly part of Tribune, were hit with a cyber attack involving Ryuk ransomware.


Ryuk ransomware is believed to be the culprit behind printing and delivery issues for “all Tribune Publishing newspapers” — as well as newspapers that used to be part of Tribune Publishing.

The malware was discovered and quarantined on Friday, but the fix did not hold: once the servers were brought back online, the ransomware re-infected the network and hit servers used for news production and manufacturing processes. A Tribune spokesperson said the malware “impacted some back-office systems, which are primarily used to publish and produce newspapers across our properties.”

The Los Angeles Times reported that the cyber attack is believed to have “originated from outside the United States, but officials said it was too soon to say whether it was carried out by a foreign state or some other entity.”

And an unnamed source claimed, “The attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information.”

Print subscribers of affected newspapers received trimmed-down editions that were delivered late, by a full day in some cases: slimmed-down Saturday editions without paid classified ads or death notices arrived on Sunday.

Print editions of the following Tribune Publishing newspapers were impacted by the cyber attack: the Chicago Tribune, the Baltimore Sun, the Orlando Sentinel, the New York Daily News, Lake County News-Sun, Post-Tribune, Hartford Courant, Capital Gazette, The Morning Call, the Daily Press, the Virginian-Pilot, and Carroll County Times.

The Los Angeles Times and San Diego Union-Tribune, which were formerly part of Tribune Publishing, were also hit by the ransomware.

Other cybersecurity news:

Hackers threaten to dump stolen files related to 9/11 attacks

The hacking group Dark Overlord hoped to ring in the new year with a bang, announcing on the last day of 2018 that it had breached law firms that handled cases related to 9/11 attacks; the group threatened to release internal files if a ransom wasn’t paid.

According to the extortion notice posted on Pastebin, the group had hacked firms including the insurers Hiscox Syndicates Ltd and Lloyd's of London, as well as the real estate developer Silverstein Properties. Hiscox had announced a breach, “which may have included information relating to up to 1,500 of Hiscox’s US-based commercial insurance policyholders,” back in April.

The group leaked a few documents from a 10GB archive of stolen files, warning that it would be “releasing the truth” if the ransom demand wasn't met. The archive is encrypted, and the group said it would release the decryption keys in stages if victims didn’t pay the undisclosed bitcoin ransom. “Pay the f**k up, or we’re going to bury you with this. If you continue to fail us, we’ll escalate these releases by releasing the keys, each time a layer is opened, a new wave of liability will fall upon you,” the group said.

Security firm hijacked Twitter accounts to highlight flaw

What is the answer if a company claims to have fixed a security flaw, but you don’t buy into that claim? Researchers from Insinia Security opted to hijack the Twitter accounts of celebrities and other verified accounts to prove the flaw was never fixed. Insinia believed the temporary hijacking of accounts was ethical, and not malicious, even if it made victims “feel slightly violated.”

Although the stunt was met with a wide range of reactions, from irritated to appreciative, it did reveal that accounts could still be remotely taken over by SMS spoofing — despite Twitter claiming, “We’ve resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing.”
