Friday, January 24, 2020

Tampa Bay Times Attacked By Ransomware


The Tampa Bay Times reports it was attacked by ransomware Thursday, making it the latest news organization hit by the crippling software.

Ransomware is malicious code that an attacker uses to encrypt a victim’s computers or servers before demanding a ransom to unlock those systems.

“Fortunately we have a lot of plans for systems that go down, and we’re putting those in motion,” Times chief digital officer Conan Gallaty said. The Times planned to publish Friday’s edition with earlier deadlines.

Ransomware infects machines through a variety of methods, such as malware hidden in targeted emails or by exploiting software vulnerabilities. It’s unclear how the attack on the Times was carried out, Gallaty said, but he does not believe the news organization was specifically targeted.

No data was breached. Sensitive information such as customer addresses and payment cards were not affected, Gallaty said. That information is stored securely outside of the network.

The Times did not respond to a message from the attackers. Gallaty said the Times would not have paid whatever ransom was demanded. The affected systems will be fully restored from backups once the Times has ensured all of the malicious code is removed.

The ransomware the Times was hit with is called “Ryuk,” a strain that is used to target large businesses and agencies. Security research firms CrowdStrike and Malwarebytes say the strain is likely of Russian origin, and said it is likely associated with a Russian cybercriminal group named “Wizard Spider;” Malwarebytes said it may also be associated with a “Russian-speaking” group named CryptoTech.

This particular ransomware was first discovered in 2018 and has wreaked havoc on businesses and government agencies around the country, including several news publications. Its first known victim was Tribune Publishing, when the software affected the newspaper printing operations for the conglomerate’s publications.

Among those affected were the Chicago Tribune and the South Florida Sun Sentinel. The Los Angeles Times and San Diego Tribune also shared the printing networks at the time of the attack.

No comments:

Post a Comment