North Korea suspected in attack that delayed printing of major newspapers
North Korea is suspected to be behind a malware attack that delayed the printing of several major U.S. newspapers on Saturday morning.
The malware attack, believed to have involved a version of the Ryuk ransomware family that crippled a North Carolina water utility in October, struck printing centers operated by Tribune Publishing and the Los Angeles Times.
Along with the Los Angeles Times, other newspapers affected by the outage, which prevented on-time delivery of Saturday newspapers, included the San Diego Union-Tribune and the West Coast editions of the New York Times and the Wall Street Journal.
The print editions of the Chicago Tribune, Lake County News-Sun, Post-Tribune, Hartford Courant, Baltimore Sun, Capital Gazette and Carroll County Times were also published on Saturday without paid death notices and classified ads because of the malware attack.
“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” an anonymous source told the Los Angeles Times.
Separately, Tribune Publishing said in a statement that “the personal data of our subscribers, online users, and advertising clients has not been compromised. We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation.”
Although the Times states only that it believes the attack was “carried out by a foreign state or some other entity,” the use of Ryuk makes the likely attacker the infamous Lazarus Group, a hacking team sponsored by the North Korean government. Ryuk was first detected in the wild in mid-August and infected several organizations in the U.S.
At the time, Ryuk would encrypt files on a targeted network, then demand payment of between five and 50 bitcoin to decrypt the files. Where Ryuk differed, however, was that every infection recorded at the time was a highly targeted attack; that is, there wasn’t one case of accidental infection.
Why the Lazarus Group and/or North Korea would target the printing presses of legacy media is unknown, but as Axios pointed out, the newspaper hack is a reminder that all infrastructure in the U.S. is vulnerable.