A ransomware attack being identified by the name of Ryuk ransomware has caused disruption over the weekend and into the end of 2018 in printing and delivery of major US newspapers. This includes Tribune Publishing and the Los Angeles Times.

Those affected by the attack include the Wall Street Journal, Los Angeles Times, New York Times, Chicago Tribune, Baltimore Sun, Post-Tribute, Lake County News-Sun, Hartford Courant, Carroll County Times, and the Capital Gazette.

This strain of ransomware initially came to fruition and gained international notoriety in August of 2018, when it was reported to have acquired over $640,000 USD in Bitcoin being paid out to the group behind its development. It is normally used in targeted phishing attacks, but has also been planted through insecure remote desktop connections.

Pictured above is an example of the Ryuk ransomware note.

The ransomware has been attributed to the North Korean hacker group, Lazarus, based on analytical similarities with the Hermes variant, according to Check Point, a security company.

The Los Angeles Times has made a statement stating that this printing downtime was caused by a computer breakdown, however, the publication then proceeded to detail that the outage was caused by a “malware attack, which appears to have originated from outside the United Stated and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country.” The result of the attack was delayed distribution of Saturday’s editions across the multiple newspapers.

Tribune Publishing noted “the personal data of our subscribers, online users, and advertising clients has not been compromised.” The Los Angeles Times also mentioned that multiple unidentified sources closer to the investigation point to Ryuk ransomware as the variant responsible for the outage. An individual inside the company said that the files on infected computers from Tribune Publishing has the extension ‘.ryk’ appended.