Watch FIFA World Cup 2026™

LIVE, FREE and EXCLUSIVE

'Ryuk' malware blamed on US cyber attack

Malware known as "Ryuk" has been blamed for an attack on US media that delayed delivery of a dozen newspapers across the country.

The cyberattack that disrupted US newspaper offices from California to Florida has been blamed on a form of ransomware known as "Ryuk".

Little was known about why an attacker sought to upend newsrooms and production centres, ultimately delaying delivery of about a dozen newspapers across the country on Saturday.

Multiple newspapers were affected because they share a production platform.

Several people with knowledge of the Tribune situation blamed the attacks on Ryuk, a new form of ransomware that surfaced several months ago.

One company insider, who was not authorised to comment publicly, said the corrupted Tribune Publishing computer files contained the extension ".ryk."

News that makes sense

Your trusted source for staying up-to-date with the world around you. Get free daily news updates and analysis, straight to your inbox.

By subscribing, you agree to SBS’s terms of service and privacy policy including receiving email updates from SBS.

Ryuk attacks are "highly targeted, well-resourced and planned," according to an August advisory by the US Department of Health and Human Services' cybersecurity program.

Victims are targeted and "only crucial assets and resources are infected in each targeted network".

A source with knowledge of the attack described it as "extremely broad" in scope and believed to have been carried out to disable infrastructure, as opposed to steal information.

Clifford Neuman, director of the University of Southern California's Center for Computer Systems Security, said that Ryuk appears to have surfaced in mid-2018.

Unlike some ransomware, which spreads like a virus or worm, Ryuk "tends to trick an individual into downloading or clicking on a particular link, or visiting a website," Neuman said.

It can also gain access to systems through poorly protected remote access, said Stephen Cobb, a senior security researcher at Eset, an internet security company.

He said Ryuk often targets organisations with deep pockets that need immediate access to its files or software.

"Ryuk has typically been used to extort money but it could be used in a purely destructive manner," Cobb said.

While it's suspected the cyberattack on the newspaper companies originated from outside the United States, such assaults are notoriously difficult to attribute with accuracy.


2 min read

Published

Source: AAP



Share this with family and friends


Get SBS News straight to your inbox

Sign up now for daily news from Australia and around the world. You can also subscribe to Insight's weekly newsletter for in-depth features and first-person stories.

By subscribing, you agree to SBS’s terms of service and privacy policy including receiving email updates from SBS.

Follow SBS News

Download our apps

Listen to our podcasts

Get the latest with our News podcasts on your favourite podcast apps.

Watch on SBS

SBS World News

Take a global view with Australia's most comprehensive world news service

Stream now

Watch the latest news videos from Australia and across the world