A malware attack targeting Tribune Publishing Co. crippled the printing and deliveries of several major newspapers across the U.S. this weekend – including the Los Angeles Times and Wall Street Journal.
The virus impacted computer systems of Tribune Publishing Co., which publishes an array of major newspapers. These systems are shared by major newspapers including the Los Angeles Times and the San Diego Union Tribune. Also impacted were the Southern California versions of the Wall Street Journal and the New York Times, the Chicago Tribune, and the Baltimore Sun. The cyberattack prevented certain editions, pages (including the classified ads and death notices), or – in some cases- entire papers from being printed or delivered.
According to a letter from the publisher of the San Diego Union Tribune, the attack appeared to begin late Thursday night and by Friday spread to the Tribune Publishing’s network, injecting systems that are critical to news production and printing.
“Technology teams from both companies made significant progress against the threat, but were unable to clear all systems before press time,” according to the Union Tribune Editor and Publisher Jeff Light.
While further details about the attack have not been publicly released, according to several anonymous sources who spoke to the L.A. Times, the attack appeared to stem from Ryuk ransomware. In August the Ryuk ransomware family was first spotted by Check Point researchers, attacking targeted organizations worldwide. According to Check Point, Ryuk’s code has notable similarities to the Hermes ransomware, a malware commonly attributed to the North Korea-linked hacking group, Lazarus Group.
A Tribune Publishing spokesperson did not immediately respond to a request for comment. In a tweet, the company said that “a disruption to our print production systems caused delays in the delivery of some of our newspapers Saturday.”
A disruption to our print production systems caused delays in the delivery of some of our newspapers Saturday. We apologize to all of our readers for the inconvenience. https://t.co/KmVYE7FpNu
— Tribune Publishing Company (@tribpub) December 30, 2018
While production issues impacted papers across the U.S., papers printed by the Tribune Publishing Co. were back to normal production scheduling by Sunday.
“We apologize for the inconvenience and thank you for your patience as we actively work to resolve these issues and restore timely service to our customers,” the Los Angeles Times said in a statement. “The majority of Times subscribers should receive their paper sometime Saturday. For those who do not receive Saturday’s paper, you will receive it with the regularly scheduled delivery of the Sunday edition.”
It’s not the first cyberattack impacting newspapers – Earlier this month, a webpage owned by the Wall Street Journal was hacked in an attempt to promote YouTube celebrity “PewDiePie.”
Threatpost will update this article as more news become available.