The end of 2018 didn’t go as smoothly as we wished. As disclosed, a massive malware attack disrupted the distribution of print based newspapers. The reports revealing more details have held the Ryuk Malware responsible for the disruption.
Ryuk Malware Attack Disrupted Several Newspaper Publications
The last weekend of 2018 troubled many newspaper subscribers as a ransomware attack disrupted the publication of major newspapers. Reportedly, on Saturday, some major newspapers suffered printing disruptions due to a cyber attack. The attack allegedly affected the distribution of the Los Angeles Times and Tribune newspapers.
As disclosed in the reports, the attack took place from outside the US and spread through the network of Tribune Publishing. The ransomware subsequently targeted the printing and production systems that targeted multiple newspapers. The affected names included Los Angeles Times, New York Times, Wall Street Journal, Chicago Tribune, Post-Tribune, Capital Gazette, Baltimore Sun, Hartford Courant, Carroll County Times, and Lake County News-Sun.
As revealed by a Tribune spokesperson, the malware behind the attacks seems the Ryuk ransomware, as all the affected files had a “.ryk” extension. However, the affected publishers have not revealed much details about the technicalities of this attack. Nonetheless, Tribune Publishing has confirmed that their database remained safe during the attack.
About Ryuk Ransomware
Ryuk ransomware gained popularity in August 2018 after a devastating cryptojacking attack that allowed the attackers pilfer Bitcoins worth thousands of dollars. According to a tweet by MHT, the ransomware made the hackers receive more than 400 Bitcoins in about four months.
Update after a month: now the addresses that were seen in samples in total received more than 400 BTC.
More than 400 BTC only in ~4 months… https://t.co/FPnIFibOv8
— MalwareHunterTeam (@malwrhunterteam) December 3, 2018
As revealed from the malware analyses, the files encrypted by Ryuk ransomware end up having “.ryk” extensions as their signature. The malware seems related to the Hermes ransomware strain linking back to the infamous Lazarus Group. This group of hackers from North Korea has been found responsible for several devastating cyber attacks including crypto hacks. The attacks involving this malware may employ phishing strategies. Whereas, the ransomware can also be spread by directly infecting unsecured remote desktop connections.