
Malware Hackers Hit Major Newspapers, Hobble Printing Infrastructure

Malware hackers hobbled the printing operations of the Los Angeles Times, newspapers in San Diego and Florida, the New York Times and the Wall Street Journal, among others, on Friday, December 28, multiple reports said.

While the attack was initially thought to be an outage, it’s now believed that foreign attackers are likely behind the cyber sabotage, the LA Times said, citing a source with “knowledge of the situation.” At this point, there’s no indication that a nation state was involved. This would be the first documented attack on the newspaper industry and would add to other assaults aimed at vital infrastructure launched in the past two to three years.

In the hack’s wake, some believe the culprit is the Ryuk ransomware linked to the notorious North Korean Lazarus Group, but there is no certainty at this point. No ransom demand has surfaced, reports said. Files on the infected computers were said to contain the .ryk extension.

The LA Times and the San Diego Union-Tribune, both formerly owned by Tribune Publishing but still using the former parent company's servers, suffered printing and distribution delays from the malware attack. Distribution in Southern California of the print editions of the New York Times and the Wall Street Journal was also disrupted, according to reports. The latter two appear not to have been targeted by the malicious code but reportedly still suffered collateral damage.

The Chicago Tribune, Tribune Publishing's flagship outlet, said certain sections of its weekend print edition went unpublished, while the Baltimore Sun experienced a similar disruption. Online versions of the papers have not been affected so far. On Sunday, the Chicago Tribune said it was still dealing with the malware's fallout and continuing to investigate.

“Every market across the company was impacted,” Marisa Kollias, a spokeswoman for Tribune Publishing, told the LA Times. Officials said that no subscriber data or confidential information belonging to online users or advertisers was compromised in the attack. Tribune Publishing also owns the New York Daily News, the Hartford Courant, the Orlando Sentinel, the Capital Gazette in Annapolis, Md., the Morning Call in Allentown, Pa., the Daily Press in Newport News, Va., and the Virginian-Pilot in Norfolk, Va.

A U.S. Department of Homeland Security (DHS) spokesperson told Reuters that it was on the case. "We are aware of reports of a potential cyber incident affecting several news outlets, and are working with our government and industry partners to better understand the situation," the spokesperson said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.