By Mark Wycislik-Wilson
A number of major US newspapers — including the Los Angeles Times, Chicago Tribune, Wall Street Journal and New York Times — have been hit by a cyberattack that is said to originate from another country.
Malware was first detected on Thursday by Tribune Publishing, the owner of some of the affected titles, but unsuccessful attempts at quarantining meant that there was disruption well into Saturday. The Department of Homeland Security is currently investigating the incident which is not thought to have exposed any personal customer details.
Writing about the malware attack, the Los Angeles Times explains: “Technology teams worked feverishly to quarantine the computer virus, but it spread through Tribune Publishing’s network and reinfected systems crucial to the news production and printing process. Multiple newspapers around the country were affected because they share a production platform”.
An anonymous source is quoted as saying that the attack was launched from outside the US, but it is not clear whether it was the action of an individual, or an enemy state:
We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information.
The attack appears to take the form of the Ryuk ransomware, but more will not be known until the investigation proceeds. DHS spokeswoman Katie Waldman said:
We are aware of reports of a potential cyber incident affecting several news outlets, and are working with our government and industry partners to better understand the situation.
In a statement issued on behalf of Tribune Publishing, spokeswoman Marisa Kollias said: “There is no evidence that customer credit card information or personally identifiable information has been compromised”.