Ryuk's Latest Victim: Tampa Bay TimesNewspaper Continues Recovery Effort After Refusing to Pay Ransom
The Tampa Bay Times is the latest U.S. news organization hit with the Ryuk ransomware strain, the Florida newspaper acknowledges.
See Also: Threat Briefing: Ransomware
The ransomware has previously been used to target a number of other major U.S. newspapers, including The Chicago Tribune, The Los Angeles Times and the San Diego Union Tribune.
The newspaper's parent organization, The Times Publishing Co., refused to pay the ransom the attackers demanded and is in the process of restoring systems through backups files and removing the malware from its infrastructure, the publication reports.
The attackers do not appear to have compromised payment data or customer information when the attack happened on Thursday, and the newspaper’s online publishing was not interrupted, it reports.
"We’ve been able to recover pretty much all of our primary systems," says Conan Gallaty, the parent company's chief digital officer. "The focus for us is to fully recover and then work on further preventive measures."
An analysis conducted by Malwarebytes found that the only significant inconvenience that the publication faced was that its Friday newspaper was published with an earlier deadline. The exact amount of devices affected by the ransomware is not known, the newspaper reports.
On Monday, a spokesperson for the Times Publishing Company told Information Security Media Group that the paper's IT team is continuing to restore full operations.
"Since the attack last week, we have worked around the clock to restore our business to full, normal operations. We are proud that our customers experienced minimal disruptions to our service. And we’re extremely grateful for our staff, who have responded to this challenge with poise and dedication," the spokesperson says.
Ryuk Hits The News
Ryuk, crypto-locking malware that has been active since 2018, has been used to target large-scale enterprise systems as well as local and state government agencies, according to an analysis published by New Zealand-based anti-virus firm Emsisoft on October (see: Ransomware Attacks: STOP, Dharma, Phobos Dominate).
And since it's discovery and growing prominence, attackers using Ryuk have targeted several news organizations throughout the U.S. In December 2018, for example, the ransomware hampered the production of several newspapers owned by Chicago-based Tribune Publishing (see: Suspected Ransomware Outbreak Disrupts US Newspapers)
Uptick in Attacks
Between Jan. 1 and Jan. 23, researchers recorded over 700 Ryuk detections, Malwarebytes reports.
Ryuk often is used in conjunction with Emotet and TrickBot as part of multistage attacks targeting larger organizations and enterprises. On Jan. 22, the U.S. Cybersecurity and Infrastructure Security Agency issued an alert warning that it's seen a surge in targeted attacks using Emotet (see: Emotet Malware Alert Sounded by US Cybersecurity Agency ).
An analysis pulished last week by security firm Coveware found that in the fourth quarter of 2019, Ryuk was the second most distributed ransomware, with Sodinokibi taking the top spot.
The Coveware analysis also found that the average payouts for these types of ransomware attacks are steadily increasing, despite warnings from the FBI and other law enforcement agencies not to pay the attackers.
"Some variants such as Ryuk and Sodinokibi have moved into the large enterprise space and are focusing their attacks on large companies where they can attempt to extort the organization for a seven-figure payout," according to the report. "For instance, Ryuk ransom payments reached a new high of $780,000 for impacted enterprises."