US newspaper print breakdown caused by ‘Ryuk’ malware

A malware known as ‘Ryuk’ is believed to be behind the cyber-attack that sent newspaper printing and production lines into chaos over the festive period.

The virus hit news publication offices across the US in December, disrupting delivery times in a number of cities, including New York, Los Angeles, Baltimore and Chicago, the Herald reports.

What was first thought to be a server outage was subsequently deemed to be malware broadcast by an unknown party. Experts were also left scratching their heads as to why the attacker decided to subvert newsrooms and production hubs to delay around a dozen daily newspapers around the States last weekend.

The turmoil was exacerbated because many of the newspapers involved share production platforms.

A number of officials on the inside at the Chicago Tribune have attributed the malicious activity to Ryuk, a relatively new form of ransomware which first appeared in the autumn.

One voice coming out of the Illinois-based daily was unable to comment publicly, though they did explain that the corrupted files that brought down the regular work patterns of Tribune Publishing bore the file extension “.ryk”.

In August, an advisory document coming out of the US Department of Health and Human Services’ cyber-security programme described Ryuk attacks as “highly targeted, well-resourced and planned.”

Those who come under fire from the virus are carefully chosen, while “only crucial assets and resources are infected in each targeted network,” the release said.

An individual with more intimate knowledge of the incident’s details said that the attack was “extremely broad” in its scope. It is thought that the overall mission was to wreck infrastructure and procedure, as opposed to stealing personal data.

Director of the University of Southern California’s Centre for Computer Systems Security, Clifford Neuman, explained how the Ryuk virus probably arrived on the scene in the middle of 2018.

While ransomware might typically move through networks as a worm or virus, Ryuk relies on an element of user participation and will frequently “trick an individual into downloading or clicking on a particular link, or visiting a website.”

Ryuk also has the capacity to infiltrate IT systems via remote access if security is not at its most robust, explained Stephen Cobb, a senior security researcher at web security firm Eset. Cobb stated that Ryuk’s usual victims are rich organisations that rely on rapid access to files or software.

“Ryuk has typically been used to extort money but it could be used in a purely destructive manner,” Cobb added.

It is currently believed that the culprits behind this latest disruption are based beyond US borders; however, such cyber-attacks are difficult to pinpoint to any degree of accuracy.

