Tribune Media Suspects Ryuk Ransomware Hit Publishing and Production Systems
Production of newspapers owned by Chicago-based Tribune Publishing has been disrupted after malware began infecting the company’s publishing and printing systems.
Multiple sources quoted by Tribune newspapers have suggested that the malware infection, which began late on Thursday, involved ransomware known as Ryuk, which may be tied to North Korean operators. But security experts say it’s far too soon to label Tribune’s ransomware outbreak as anything more than an opportunistic infection, and note that anyone can potentially obtain and use malware, irrespective of their identity, political affiliation or other motivations (see Stop the Presses: Don’t Rush Tribune Ransomware Attribution).
Tribune Publishing says the malware infection, which it discovered on Friday, compromised no financial information and had no impact on its websites, but did disrupt systems that it uses to publish and print its newspapers. All of its newspapers were affected.
“This issue has affected the timeliness and in some cases the completeness of our printed newspapers,” Tribune Publishing spokeswoman Marisa Kollias said in a statement released on Saturday, the Chicago Tribune reported. “Our websites and mobile applications, however, have not been impacted.”
Kollias said the company is “making progress” with restoring systems. “There is no evidence that customer credit card information or personally identifiable information has been compromised,” she said.
Formerly known as Tronc, Tribune Publishing owns the Chicago Tribune, as well as Chicago suburban newspapers Lake County News-Sun and Post-Tribune; Los Angeles Times; The Baltimore Sun; the New York Daily News; Hartford Courant; Orlando Sentinel; the Capital Gazette in Annapolis, Maryland; The Morning Call in Allentown, Pennsylvania; and in Virginia, the Daily Press in Newport News, and The Virginian-Pilot in Norfolk.