LOS ANGELES (AP) — The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.
San Diego Union-Tribune Publisher Jeff Light described the incident as “what now seems to have been a malicious attack on the company by computer hackers” in a message posted to the newspaper’s website. He told readers the disruption had mostly seemed to have been brought under control.READ MORE: 1-Year-Old Child Dies After Crash On I-80 In Davis; EB Traffic Being Diverted To Highway 113
The suspected attack prevented the Chicago Tribune, the Baltimore Sun and other papers from publishing paid death notices and classified ads Saturday. But Tribune Publishing has said no news websites were affected and no customer information was compromised.
Katie Waldman, a spokeswoman for the Department of Homeland Security, said in an email Sunday that the agency was “aware of reports of a potential cyber incident” affecting several news outlets. She said the department is “working with our government and industry partners to better understand the situation.”
The Los Angeles Times, citing “several individuals with knowledge of the Tribune situation,” reported that the attack appeared to be in the form of “Ryuk” ransomware. Tribune Publishing sold the Los Angeles Times and the San Diego Union-Tribune earlier this year for $500 million to biotech billionaire Dr. Patrick Soon-Shiong, but the companies continue to share software, according to the newspaper.READ MORE: Now-Former Manteca Teacher Arrested On Suspicion Of Inappropriate Communication With A Minor
An advisory by the U.S. Department of Health and Human Services’ cybersecurity program earlier this year described “Ryuk” attacks as “highly-targeted, well-resourced and planned.”
Mark Weatherford, a former DHS deputy under secretary for cybersecurity who is now chief cybersecurity strategist at California-based vArmour, said Sunday that phishing links are the most common way such attacks gain entry.
“It’s fairly non-discriminatory. This could happen to anybody, although it seems to be more of a targeted attack,” Weatherford said. He added, however, that it was too early to draw conclusions.MORE NEWS: Chase Of Stolen Car From Downtown Sacramento Ends In Crash
Tribune Publishing also reported the attack to the FBI on Friday, the Chicago Tribune said. The FBI did not immediately return a message seeking comment Sunday.