UPDATED 20:45 EDT / DECEMBER 30 2018

SECURITY

North Korea suspected in attack that delayed printing of major newspapers

North Korea is suspected to be behind a malware attack that delayed the printing of several major U.S. newspapers on Saturday morning.

The malware attack, believed to have involved a version of the Ryuk ransomware family that crippled a North Carolina water utility in October, struck printing centers operated by Tribune Publishing and the Los Angeles Times.

Along with the Los Angeles Times, other newspapers affected by the outage, which prevented on-time delivery of Saturday newspapers, included the San Diego Union Tribune and the West Coast editions of the New York Times and the Wall Street Journal.

The print editions of the Chicago Tribune, Lake County News-Sun, Post-Tribune, Hartford Courant, Baltimore Sun, Capital Gazette and Carroll County Times were published on Saturday without paid death notices and classified ads because of the malware attack as well.

“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” an anonymous source told the Los Angeles Times.

Separately, Tribune Publishing said in a statement that “the personal data of our subscribers, online users, and advertising clients has not been compromised. We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation.”

Although the Times only states that they believe that the attack was “carried out by a foreign state or some other entity,” the use of Ryuk makes the likely attacker the infamous Lazarus Group, a hacking team state sponsored by the North Korean government. Ryuk was first detected in the wild in mid-August and infected several organizations in the U.S.

At the time, Ryuk would encrypt files on a targeted network, then demand payment of between five and 50 bitcoin to unencrypt the files. Where Ryuk differed, however, was that every infection recorded at the time was a highly targeted attack — that is, there wasn’t one case of accidental infection.

Why the Lazarus Group and/or North Korea would target the printing presses of legacy media is unknown, but as Axios pointed out, the newspaper hack is a reminder that all infrastructure in the U.S. is vulnerable.

Photo: 45958601@N02/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU