Adam Meyers, the head of threat intelligence at CrowdStrike, said cybercriminals appeared to have been infecting victims with Ryuk through a criminal tool called Trickbot. The tool was used in banking attacks and, more recently, attacks on major businesses and infrastructure in the United States, Canada and Britain.
Sophos, another security vendor, said Ryuk’s creators were selective about whom they targeted. They deploy the ransomware against victims that can pay large, often six-figure ransoms, particularly in the commodities, manufacturing and health care industries, Sophos said.
Whoever is behind the ransomware, the attacks appear to have paid off. This month, the group, which goes by the name Grim Spider, received a ransom payment of nearly 100 Bitcoin, the equivalent of more than $380,000.
It apparently took Tribune a while to understand the nature of the attack. The problem first appeared to be a malfunctioning computer server. The first evidence of the attack emerged Thursday night, The Los Angeles Times reported, and by Friday it appeared to have been contained. But it came back — a frequent occurrence with sophisticated attacks — and began to spread through the systems that govern the interface between the news content systems and the systems that control the printing of the newspapers.
By late Friday, The Los Angeles Times said, “the attack was hindering the transmission of pages from offices across Southern California to printing presses.” Among the hardest hit was the San Diego paper, whose production teams could not transmit the files that enable the making of page plates for the printing presses.
As a result, delays cascaded across the printing schedules for other newspapers. The South Florida Sun Sentinel was also hit, the newspaper reported on its website. It said distribution of The New York Times and The Palm Beach Post had also been affected, because they share the same presses.
On Sunday, Hillary Manning, vice president for communications at The Los Angeles Times, said, “The presses ran on schedule, and papers were being delivered as usual today.” She added, “The systems outage caused by a virus or malware has not been completely resolved yet.”