Ransomware attacks have become frequent over the last couple of years. The majority target corporate and public-sector entities. However, a unique ransomware incident occurred this weekend, when one of the largest US newspaper publishers came under a cryptovirological attack.
Tribune Publishing experienced a major cyberattack over the weekend, which affected the publication of several of its newspapers in different states. The attack reportedly delayed the delivery of newspapers in many regions this Saturday and Sunday. Moreover, some of the affected newspapers had to cut their regular number of pages.
Reports now indicate that the cyberattack on Tribune Publishing was in fact an infiltration by the Ryuk ransomware. An anonymous source from within the organization has told the LA Times that Ryuk ransomware was used to lock down the devices of Tribune Publishing.
The source couldn’t tell anything else about the attack. It is still not known whether the company has completed ransomware removal and recovery activities. Moreover, we still don’t know who the perpetrators behind the attack are or what they demanded for the ransomware removal key.
The attack has revealed another dangerous possibility: the use of ransomware to disrupt services. A more severe ransomware infiltration could have turned into a complete publication blackout. Such ransomware prospects can be exploited in state-sponsored cyber warfare.
Ryuk ransomware was first detected by security experts in August. The code of Ryuk ransomware is pretty similar to that of Hermes ransomware. It also uses a combination of AES and RSA encryption to render regular ransomware removal efforts useless.
During the spurt of Ryuk ransomware activity in August and the following months, its operators would ask for 0.5 Bitcoin to provide a decrypter for ransomware removal.