{"id":2175,"date":"2018-12-30T17:25:50","date_gmt":"2018-12-30T17:25:50","guid":{"rendered":"http:\/\/www.blackopspartners.com\/?p=2175"},"modified":"2018-12-30T17:25:50","modified_gmt":"2018-12-30T17:25:50","slug":"malware-attack-disrupts-delivery-of-l-a-times-and-tribune-papers-across-the-u-s","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/malware-attack-disrupts-delivery-of-l-a-times-and-tribune-papers-across-the-u-s\/","title":{"rendered":"Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S."},"content":{"rendered":"\n

What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country.<\/p>\n\n\n\n

Technology teams worked feverishly to quarantine the computer virus, but it spread through Tribune Publishing\u2019s network and reinfected systems crucial to the news production and printing process. Multiple newspapers around the country were affected because they share a production platform.<\/p>\n\n\n\n

The attack delayed distribution of Saturday editions of the Los Angeles Times and San Diego Union Tribune. It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are printed at the Los Angeles Times\u2019 Olympic printing plant in downtown Los Angeles.<\/p>\n\n\n\n

By Saturday afternoon, the company suspected the cyberattack originated from outside the United States, but officials said it was too soon to say whether it was carried out by a foreign state or some other entity, said a source with knowledge of the situation.<\/p>\n\n\n\n

\u201cWe believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,\u201d said the source, who spoke on condition of anonymity because he was not authorized to comment publicly. The source would not detail what evidence led the company to believe the breach came from overseas.<\/p>\n\n\n\n

Tribune Publishing said in a statement Saturday that \u201cthe personal data of our subscribers, online users, and advertising clients has not been compromised. We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation.\u201d<\/p>\n\n\n\n

\u201cEvery market across the company was impacted,\u201d said Marisa Kollias, spokeswoman for Tribune Publishing. She declined to provide specifics on the disruptions, but the company\u2019s properties include the Chicago Tribune; Baltimore Sun; Capital Gazette in Annapolis, Md.; Hartford Courant; New York Daily News; South Florida Sun Sentinel and Orlando Sentinel.<\/p>\n\n\n\n

No other details about the origin of the attack were immediately available and the motive remained unclear.<\/p>\n\n\n\n

Tribune Publishing sold The Times and the San Diego Union-Tribune to Los Angeles biotech entrepreneur Dr. Patrick Soon-Shiong in June, but the two companies continue to share various systems, including software.<\/p>\n\n\n\n

It\u2019s unclear how many Times subscribers were impacted by late deliveries and the paper could not provide firm numbers, but a source said that a majority received their papers Saturday morning, albeit several hours late. The Times said that print subscribers who did not get their papers Saturday would receive them with their regularly scheduled delivery of the Sunday edition.<\/p>\n\n\n\n

\u201cWe apologize to our customers for this inconvenience,\u201d The Times said in a statement. \u201cThank you for your patience and support as we respond to this ongoing matter.\u201d<\/p>\n\n\n\n

The Times and the San Diego paper became aware of the problem near midnight on Thursday. Programmers worked to isolate the bug, which Tribune Publishing identified as a malware attack, but at every turn the programmers ran into additional issues trying to access a myriad of files, including advertisements that needed to be added to the pages or paid obituaries.<\/p>\n\n\n\n

After identifying the server outage as a virus, technology teams made progress Friday quarantining it and bringing back servers, but some of their security patches didn\u2019t hold and the virus began to reinfect the network, impacting a series of servers used for news production and manufacturing processes.<\/p>\n\n\n\n

By late Friday, the attack was hindering the transmission of pages from offices across Southern California to printing presses as publication deadlines approached.<\/p>\n\n\n\n

At one point, Times staffers were making contingency plans to hand-deliver pages from the editorial offices in El Segundo to its Olympic printing plant in downtown Los Angeles. Working through the problems created a logjam at the plant, and the resulting cascade of delays pushed back printing and delivery.<\/p>\n\n\n\n

San Diego was particularly hard hit by the problem, in large part because of the paper\u2019s position in the press run. Between 85% and 90% of the Saturday edition of the Union-Tribune did not reach subscribers on Saturday morning, said Jeff Light, publisher and editor of the San Diego Union-Tribune.<\/p>\n\n\n\n

\u201cPapers that should have arrived in San Diego around 3 a.m. to 4 a.m. instead arrived at 7 a.m. and 8 a.m.,\u201d Light said. Because the newspaper relies on independent contractors to deliver the paper to neighborhoods, many of those people were not available later in the day to do the deliveries.<\/p>\n\n\n\n

The first signs of trouble at the Union-Tribune came late Thursday night when sports editors tried to send information, via digital files, to the plate-making facility. But those digital files, which contain information that ultimately becomes the pages of the newspaper, would not transmit to the plate-making process. Editors seemed to be locked out of the system, having to perform work-arounds.<\/p>\n\n\n\n

The transmission of community editions, including the Glendale News Press and Burbank Leader, also appeared in doubt Friday night. Ultimately, a page designer in Orange County figured out he could send all the community papers\u2019 news pages from his unaffected computer, said John Canalis, executive editor of Times Community News.<\/p>\n\n\n\n

The problem caused widespread issues in South Florida, one of Tribune Publishing\u2019s major markets. The South Florida Sun Sentinel told readers that it had been \u201ccrippled this weekend by a computer virus that shut down production and hampered phone lines,\u201d according to a story on its website.<\/p>\n\n\n\n

Malware attacks are extremely common, affecting millions of computers in homes, offices and other organizations every day, said Salim Neino, chief executive of the company Kryptos Logic.<\/p>\n\n\n\n

In some cases, dubbed \u201cransomware,\u201d the attackers disable the system and demand money, said Neino, whose company tackled a major ransomware attack called WannaCry last year.<\/p>\n\n\n\n

In other instances, the goal is simply to disrupt or \u201cbreak stuff\u201d by wiping systems, Neino said. Malware has also been used to quietly infect computers and then sell access to other cybercriminals, who can steal banking credentials or exploit other valuable information, Neino said.<\/p>\n\n\n\n

Several individuals with knowledge of the Tribune situation said the attack appeared to be in the form of \u201cRyuk\u201d ransomware. One company insider, who was not authorized to comment publicly, said the corrupted Tribune Publishing computer files contained the extension \u201c.ryk.\u201d<\/p>\n\n\n\n

\u201cRyuk\u201d attacks are \u201chighly targeted, well-resourced and planned,\u201d according to an August advisory by the U.S. Department of Health and Human Services\u2019 cybersecurity program. Victims are deliberately targeted and \u201conly crucial assets and resources are infected in each targeted network.\u201d<\/p>\n\n\n\n

It was unclear whether company officials have been in contact with law enforcement regarding the suspected attack. But Katie Waldman, a spokeswoman for the Department of Homeland Security, said \u201cwe are aware of reports of a potential cyber incident affecting several news outlets, and are working with our government and industry partners to better understand the situation.\u201d<\/p>\n\n\n\n

Tribune declined to comment on the specifics of the malware attack.<\/p>\n\n\n\n

Neino also said that tracking the identity of attackers can be difficult since malware code is often freely distributed online.<\/p>\n\n\n\n

For instance, even if an attack appears to be Russian because of the \u201cmalware family traits,\u201d Neino said, \u201ccode still could have been sourced, weaponized and deployed by an actor who downloaded it from an underground forum anywhere in the world.\u201d<\/p>\n\n\n\n

Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research group, said that \u201cusually when someone tries to disrupt a significant digital resource like a newspaper, you’re looking at an experienced and sophisticated hacker.\u201d<\/p>\n\n\n\n

Dixon added that the holidays are “a well known time for mischief” by digital troublemakers, because organizations are more thinly staffed.<\/p>\n\n\n\n

“It’s an optimal time to attack a major target,” she said.<\/p>\n\n\n\n

The highest-profile cyberattack on a media company was in late 2014 at Sony Pictures Entertainment in Culver City. Hackers, who the FBI later determined were affiliated with the North Korean government, broke into Sony Pictures\u2019 computer system and copied huge chunks of data, which they later posted online for the world to see.<\/p>\n\n\n\n

Read more at the <\/em>Los Angeles Times<\/em><\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country. Technology teams worked feverishly to quarantine the computer virus, but it spread […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/2175"}],"collection":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/comments?post=2175"}],"version-history":[{"count":0,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/2175\/revisions"}],"wp:attachment":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/media?parent=2175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/categories?post=2175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/tags?post=2175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}