Ryuk Ransomware Suspected in U.S. Newspaper Attack

From securityweek.com

Ryuk ransomware blamed for US newspaper attack

The recent cyberattack that disrupted the delivery of several major newspapers in the United States may have involved Ryuk, a piece of ransomware that has typically been used in targeted operations.

The public was informed over the weekend that the delivery of newspapers such as the LA Times, Wall Street Journal, the New York Times and San Diego Union Tribune was delayed as a result of a malware attack that hit the systems of Chicago-based Tribune Publishing, which is connected to the production and printing process of multiple newspapers.

According to the LA Times, the attack appears to have originated from outside the US and it seems to have involved a recently documented piece of ransomware tracked as Ryuk – an unnamed company insider said files on the compromised systems were assigned the .ryk extension.

The Department of Homeland Security (DHS) has also launched an investigation into the incident. The US government has been tracking Ryuk and an advisory published in August described attacks as “highly targeted, well-resourced and planned.”

Read more…