Major US Newspapers Crippled By Foreign Ryuk Ransomware Cyberattack

Typically when we talk about malware, we are talking about malicious code that is hidden inside software to try to take advantage of end users. One example is malware hidden in a fake Adobe Flash update that was designed to install cryptocurrency mining software or other nefarious payloads. Earlier this month, another piece of malware making the rounds was able to steal PayPal account balances despite users having two-factor authentication enabled. Today, a new malware has been identified, and this one isn't attacking end users. It's attacking major newspapers around the U.S., underscoring new areas of concern with respect to IT security.


The Los Angeles Times has confirmed a malware attack has impacted its delivery and distribution systems. The LA Times wrote that at first, the attack was thought to be a server outage, but it was later identified as a malware attack that originated from outside the U.S. The paper wrote that the attack hobbled its computer systems and delayed weekend deliveries of the LA Times and other newspapers across the country.

The LA Times also noted that an inside source claimed the systems outage was caused by a strain of Ryuk ransomware. This type of ransomware is typically targeted at large companies that can't afford downtime and thus may be more willing to quickly pay off demands to remedy an outage. However, at this time, no apparent demands have been reported on the matter.

Despite teams working to quarantine the virus that the malware attack delivered, the virus was able to spread through the Tribune Publishing network and reinfect systems that were critical to news production and printing processes. Multiple papers across the country were impacted by the infected Tribune Publishing networks because they share the same production platform.

Newspaper Production Line

Saturday editions of several well-known print newspapers were delayed, including the Saturday editions of the LA Times and the San Diego Union-Tribune. Distribution of West Coast editions of the Wall Street Journal and New York Times was also affected because they are printed at the LA Times' Olympic printing plant in downtown Los Angeles. A source claiming to be familiar with the attack says that, while it has been confirmed to have originated from outside the U.S., at this time, there is no way to know if a foreign state or another group perpetrated the attack.

The attack is believed to be aimed at disabling digital infrastructure rather than stealing information. Investigators are mum on what evidence led them to state the attack originated from outside the U.S. Tribune Publishing says that the personal data of subscribers, online users, and advertisers was not compromised in the attack.

Newspaper production image credit: JD Lasica, Flickr