A malware attack resulted in the delay of newspaper deliveries from the Los Angeles Times and a number of other news outlets throughout the country during the weekend.
According to the Los Angeles Times, the attack was a computer virus that primarily affected many of the Tribune Publishing network’s newspapers, as well as papers like the Los Angeles Times that aren’t a part of the network but still use the same production platforms or software.
In addition to the Los Angeles Times, the papers affected by the malware attack included: The San Diego Union-Tribune and possibly every paper in the Tribune Publishing network which includes the Baltimore Sun, the Capital Gazette, the New York Daily News, and the Orlando Sentinel. Outside of the Tribune network, the deliveries of the West Coast editions of The Wall Street Journal and The New York Times were also impacted by the malware attack.
The computer virus caused the newspaper delivery delay because it infected and disrupted the newspapers’ news production and printing process systems. The newspapers had difficulties in sending their pages to the printing presses. As a result, subscribers received their papers at varying times, if at all, from several hours late on Saturday to the next morning.
Besides the delay in newspaper deliveries, it appears that the malware attack only affected the publishing process and did not appear to deal with sensitive, personal data. In a statement, Tribune communications vice president Marisa Kollias addressed the possible data and privacy concerns related to the malware attack: “The personal data of our subscribers, online users, and advertising clients has not been compromised.”
An anonymous source told the Los Angeles Times that the origin of the attack may have been outside of the United States, but that claim wasn’t further supported with evidence.
We may know the type of malware involved, however. The Los Angeles Times reports that another source, also unable to comment publicly, said that the extensions of the corrupted files in the malware attack was .ryk.
If true, the .ryk file extension would indicate that the malware attack was a form of ransomware known as Ryuk. Ryuk attacks, like many ransomware attacks, are usually used to infect systems with the intent to block users from being able to access the system unless the user pays a ransom to remove the block.
