On the morning of 28th December, 2018, the Ryuk ransomware attacked the computer systems of Tribune Publishing Co., the former parent company of the LA Times, which publishes an array of major newspapers in the US. The malware disrupted some important editions: certain pages, including death notices, missing persons and classified advertisements, were affected, and in some cases whole newspapers were not printed or delivered. It was mainly distributed through the network of Tribune Publishing Co.
The ransomware attack abruptly disrupted the printing and delivery of major newspapers across the US, including the Chicago Tribune, Los Angeles Times and The Wall Street Journal. The Lake County News-Sun, Post-Tribune, Hartford Courant, Baltimore Sun, Capital Gazette and Carroll County Times were also affected by the attack, which appeared to have been conducted from outside the United States.
According to the LA Times report, it is believed that the attacker's prime intention was to disable the entire infrastructure, more specifically its servers. They also stated that the personal data of its advertising clients, subscribers and online users will be compromised at any cost. They apologized for the inconvenience and thanked their readers and advertising partners for their utmost patience.
The ransomware attack was first identified on Friday morning, during the holiday season that many people observe around Christmas and New Year. The main purpose of this cyber threat was not just to crack confidential information but also to destroy the major operations of the infrastructure. This ransomware may also have been involved in the debilitation of a North Carolina water utility in October; here it affected the printing centers, which were mainly operated by the Tribune Publishing Company.
According to sources close to the investigation, Ryuk is a malicious file-encrypting threat that belongs to the same family as the Hermes ransomware, which is commonly attributed to the Lazarus group. Using a combination of the RSA-4096 and AES-256 encryption algorithms, it encrypts crucial files and appends the .ryk extension to their names. It then drops a ransom note named RyukReadMe.txt on the victim's screen and demands about $640,000 from the targeted companies, to be paid in a cryptocurrency such as Bitcoin. Like many other malware attacks, it affects entire systems with the intention of blocking users from accessing their own system resources until they pay a ransom for its removal.
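The two file-system indicators named above (the .ryk extension and the RyukReadMe.txt note) are enough for a first triage of a file share. The following Python sketch is an added example, not code from the article or from any investigation; it assumes matching by file name only, treats the earliest .ryk modification time as a rough estimate of when encryption reached a directory, and runs against a constructed sample tree.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators named in the article; matching is by file name only.
ENCRYPTED_EXT = ".ryk"
RANSOM_NOTE = "RyukReadMe.txt"

def triage(root):
    """Summarise Ryuk indicators per directory under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"note": False, "encrypted": [], "intact": 0, "first_seen": None}
        for name in files:
            lowered = name.lower()
            if lowered == RANSOM_NOTE.lower():
                entry["note"] = True
            elif lowered.endswith(ENCRYPTED_EXT):
                # Original name is recovered by dropping the appended extension.
                entry["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
                mtime = os.path.getmtime(os.path.join(dirpath, name))
                if entry["first_seen"] is None or mtime < entry["first_seen"]:
                    entry["first_seen"] = mtime
            else:
                entry["intact"] += 1
        if entry["note"] or entry["encrypted"]:
            report[dirpath] = entry
    return report

def build_sample_tree(root):
    """Constructed sample data: one affected directory, one clean one."""
    hit = os.path.join(root, "share", "finance")
    clean = os.path.join(root, "share", "public")
    samples = [(hit, "q4.xlsx.ryk", 1546000300), (hit, "payroll.db.ryk", 1546000100),
               (hit, "RyukReadMe.txt", 1546000400), (hit, "notes.txt", 1545000000),
               (clean, "readme.txt", 1545000000)]
    for folder, name, mtime in samples:
        os.makedirs(folder, exist_ok=True)
        path = os.path.join(folder, name)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.utime(path, (mtime, mtime))
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in triage(tmp).items():
            seen = entry["first_seen"]
            when = datetime.fromtimestamp(seen, tz=timezone.utc).isoformat() if seen else "n/a"
            print(folder, "note:", entry["note"], "encrypted:", len(entry["encrypted"]),
                  "intact:", entry["intact"], "earliest .ryk mtime:", when)
```

Directories that hold a note but still have intact files are the ones to isolate and image first, since encryption there may have been interrupted.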