Ryuk, a malware program believed to have been used in an attack last weekend that hobbled newspapers nationwide, including the Los Angeles Times, is a sophisticated twist on an extortionate classic.
Once Ryuk gets into a network, it automatically spreads from computer to computer, node to node, encrypting important files along the way with an unbreakable code. Try to access the encrypted data, and the malware presents a ransom note: deposit bitcoin into an anonymous wallet and receive a key to decrypt your entire system. Refuse to pay, and the files remain locked for good.
The problem surfaced near midnight Thursday, when sports editors at the Union-Tribune struggled to transmit finished pages to the printing facility. It spread rapidly over the following day, impeding distribution of the Saturday editions of The Times and Union-Tribune, as well as papers in Florida, Chicago and Connecticut and the West Coast editions of the Wall Street Journal and New York Times, which are printed in downtown Los Angeles.
By Monday, problems in production and delivery were largely resolved, said Marisa Kollias, spokeswoman for Tribune Publishing.
A screenshot of affected company files obtained by The Times shows a ransom note titled RyukReadMe that is similar to messages reported in other Ryuk incidents. No ransom amount was specified. The company would not confirm that it had been affected by Ryuk in particular or a ransomware attack in general.
The name Ryuk appears to be a reference to a character in the popular anime and manga series “Death Note.” In the comics, Ryuk is a demon of death who, bored with his immortality, decides to introduce into the world a notebook that allows its finder to kill anyone by writing their name.
No comments:
Post a Comment