Late last week, several major news organizations were hit with a ransomware attack believed to involve Ryuk ransomware that affected several Tribune newspapers around the country and two newspapers formerly owned by Tribune. Ransomware cyber-attacks typically attempt to disable systems and infrastructure and block access until ransom is paid as opposed to attempting to steal data. In the Tribune publishing case, ransomware caused printing and delivery problems for all of their newspapers around the country. One newspaper reported that it went to print Saturday without paid obituaries and classified ads and another reported that it was unable to produce its paper in time for Saturday delivery.
We did not see any reports of a ransom demand with respect to the Tribune incidents and it appears that the newspapers were able to get back in business fairly quickly.
In another announcement on New Year’s Eve, a hacker group announced that it has breached law firms and insurance companies that handled cases related to the September 11, 2001 attacks. The hacker group, called the Dark Overlord, is now threatening to release files and litigation documents related to the attacks and it appears to be demanding ransom payments in the form of bitcoin.
Both of these announcements show the breadth and sophistication of these recent cyber-attacks on major institutional targets. Whether it is ransomware or hackers, companies continue to need to implement strong best practices to prevent intrusion, to invest in the technology and talent necessary to protect companies from attack, and to remain vigilant in the battle to protect data, systems, and infrastructure.