Ryuk Ransomware Used to Target Florida Newspaper

Malicious code was used to attack the Tampa Bay Times Thursday, officials with the newspaper announced. No customer data was lost in the incident, and backups are being used to return systems to normal.

by Malena Carollo, Tampa Bay Times / January 24, 2020

(TNS) — The Tampa Bay Times was attacked by ransomware Thursday, making it the latest news organization hit by the crippling software.

Ransomware is malicious code that an attacker uses to encrypt a victim’s computers or servers before demanding a ransom to unlock those systems.

“Fortunately we have a lot of plans for systems that go down, and we’re putting those in motion,” Times chief digital officer Conan Gallaty said. The Times planned to publish Friday’s edition with earlier deadlines.

Ransomware infects machines through a variety of methods, such as malware hidden in targeted emails or by exploiting software vulnerabilities. It’s unclear how the attack on the Times was carried out, Gallaty said, but he does not believe the news organization was specifically targeted.

“The focus for us is to fully recover and then work on further preventative measures,” he said.

No data was breached. Sensitive information such as customer addresses and payment cards was not affected, Gallaty said. That information is stored securely outside of the network.

The Times did not respond to a message from the attackers. Gallaty said the Times would not have paid whatever ransom was demanded. The affected systems will be fully restored from backups once the Times has ensured all of the malicious code is removed.

The ransomware the Times was hit with is called “Ryuk,” a strain that is used to target large businesses and agencies. Security research firms CrowdStrike and Malwarebytes say the strain is likely of Russian origin, and named a Russian cybercriminal group called “Wizard Spider”; Malwarebytes said it can also be attributed to a “Russian-speaking” group named CryptoTech.

This particular ransomware was first discovered in 2018 and has wreaked havoc on businesses and government agencies around the country, including several news publications. Its first known victim was Tribune Publishing, when the software affected the newspaper printing operations for the conglomerate’s publications.

Among those affected were the Chicago Tribune and the South Florida Sun Sentinel. The Los Angeles Times and San Diego Tribune also shared the printing networks at the time of the attack.

“They’re looking at the people that have the most to lose,” said JP Taggart, a senior security researcher at Malwarebytes.

For any ransomware that hits a large business, the fee can be hefty.

The FBI issued a public service announcement in October warning businesses about ransomware, and urged victims to report any incidents at www.IC3.gov.

“You want to be diligent (about) which emails you open,” said Stacy Arruda, executive director of the Florida Information Sharing & Analysis Organization. “Pay attention to what you’re seeing.”

©2020 the Tampa Bay Times (St. Petersburg, Fla.) Distributed by Tribune Content Agency, LLC.
