Update: Virus Named for Anime Death God is Likely Culprit in Cyber Attack On Major Newspapers

An enthusiast dressed as the character 'Ryuk' from Death Note greets visitors on the first day of Comic Con at the Excel Centre, London. Picture date: Friday October 24, 2014. (Jonathan Brady / Press Association Images / file)

Malware comes in many forms.

Bad links can lead to obnoxious adware that unleashes a plague of pop-ups. Nefarious attachments can hijack your processor for a bitcoin-mining botnet.

Ryuk, a malware program believed to have been used in an attack this weekend that hobbled newspapers nationwide, including The San Diego Union-Tribune, is a sophisticated twist on an extortionate classic.

Once Ryuk gets into a network, it automatically spreads from computer to computer, node to node, encrypting important files along the way with an unbreakable code. Try to access the encrypted data, and the malware presents a ransom note: deposit bitcoin into an anonymous wallet and receive a key to decrypt your entire system. Refuse to pay, and the files remain locked for good.

This piece of ransomware managed to throw a monkey wrench into Tribune Publishing newspaper operations, which undergird its printing plants as well as those of the Los Angeles Times and the Union-Tribune. The Times and Union-Tribune are no longer owned by Tribune Publishing — they were purchased by Dr. Patrick Soon-Shiong in June — but still share many systems.

The problem surfaced near midnight Thursday, when sports editors at the Union-Tribune struggled to transmit finished pages to the printing facility. It spread rapidly over the following day, impeding distribution of the Saturday editions of the Times and Union-Tribune, as well as papers in Florida, Chicago and Connecticut and the West Coast editions of the Wall Street Journal and New York Times, which are printed in downtown Los Angeles.

By Monday, problems in production and delivery were largely resolved, said Marisa Kollias, spokeswoman for Tribune Publishing.

A screenshot of affected company files obtained by the Los Angeles Times shows a ransom note titled RyukReadMe that is similar to messages reported in other Ryuk incidents. No ransom amount was specified. The company would not confirm that it had been affected by Ryuk in particular or a ransomware attack in general.

SOURCE: Sam Dean
The San Diego Union-Tribune