The Ryuk ransomware is making waves across the United States, striking several press outlets and halting print production.
The Baltimore Sun and other papers reported being hit with the nasty ransomware strain on Friday afternoon. All of the printing centers affected were operated by Tribune Publishing and former Tribune Publishing entities (LA Times).
“All Tribune Publishing newspapers were affected by the malware, with the South Florida Sun Sentinel, for example, unable to produce its paper in time for Saturday delivery.”, the company said.
In some cases, papers went out without paid death notices – one more example of how nothing is off-limits for ransomware makers.
Tribune Publishing news websites were not affected, and no customer information was compromised, the company said in a report by the Baltimore Sun. “There is no evidence that customer credit card information or personally identifiable information has been compromised.”
So What is the Ryuk Ransomware?
The Ryuk Ransomware was first reported in a Check Point Research report on August 2018. However, it has risen to prominence due to its unusual strategy of targeting only “big fish” and leaving smaller businesses alone.
This is highly unusual for a ransomware strain. Most ransomware target all businesses and home users indiscriminately, spreading the net to rake in the most money possible. What is more unusual is that Ryuk has an unusually long delay time – sometimes hitting large enterprises days, weeks, or years after the initial infection.
Recently, Ryuk was reported to have raked in $4 million from this strategy. But is this latest press attack part of that plan, or a change of pace?
How Ryuk Works
Ryuk usually strikes victims who have been infected by a separate malware – a powerful trojan known as Trickbot. It lays dormant after this initial infection, giving the attackers time to perform reconnaissance of the network, and hit key systems with pinpoint precision.
Protecting Yourself Against Ransomware
Make sure you’re as protected as you can be against ransomware, not just Ryuk. Make sure you back up your data with a solution that has in-built ransomware protection for your backups, just like BackupAssist’s CryptoSafeGuard. Learn more about it here.