Tribune Publishing, the parent company of Los Angeles Times and many other regional newspapers in the United States, was targeted with a cyberattack on Dec. 29, 2018, that disrupted its computer systems and delayed delivery of newspapers for several news outlets.
The Los Angeles Times, one of the outlets impacted by the attack,reported that what originally arose as a server outage was ultimately identified as a malware attack. According to the Times, a virus “spread through Tribune Publishing’s network and reinfected systems crucial to the news production and printing process.”
Citing sources with knowledge of the Tribune situation, the Times reported that the attack came in the form of ransomware called “Ryuk.”
The Times further reported:
“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” said the source, who spoke on condition of anonymity because he was not authorized to comment publicly. The source would not detail what evidence led the company to believe the breach came from overseas.
Several news outlets share a production platform under Tribune Publishing, which owns papers including Chicago Tribune, Baltimore Sun, Capital Gazette, Hartford Courant, New York Daily News, South Florida Sun Sentinel and Orlando Sentinel.
The Times and San Diego Tribune are no longer owned by Tribune, but were also impacted because they continue to share its production software.
It’s unclear precisely how many news readers were impacted by the delayed deliveries, but the Times reported that a majority of its subscribers received their papers, albeit hours late.
The motive for the cyberattack remains unclear. The Times reported that the Tribune “suspected the cyberattack originated from outside the United States,” but did not elaborate further on whether a foreign government was involved, or why Tribune may have been targeted.