Ryuk, the malware suspected to have been behind this weekend's attack that hobbled newspapers nationwide, including The San Diego Union-Tribune, is a complex twist on an extortion classic.
When Ryuk enters a network, it spreads instantly from computer to computer, node to node, encrypting important files along the way with an unbreakable code.
This bit of code tried to throw a spanner into the news operations of Tribune Publishing, which underground its publishing plant and those of the Los Angeles Times and the Union-Tribune. The Times and Union-Tribune are no longer controlled by Tribune Publishing — Dr. Patrick Soon-Shiong acquired them in June, but they still share several structures.
The problem surfaced when Union-Tribune sports reporters struggled to send finished papers to the print facility. It spread quickly over the next day, impeding the delivery of the Saturday editions of the Times and Union-Tribune, as well as articles in the Washington Post and New York Times editions in Florida, Chicago and Connecticut, and the West Coast, which are published in downtown Los Angeles.
The production and distribution issues were largely solved by Monday, said Marisa Kollias, Tribune Publishing's spokeswoman. The company would not confirm that it had been affected by Ryuk specifically or by a ransomware attack in general.
Ryuk itself appeared on cybersecurity experts' horizon in August, when the security analysts MalwareHunterTeam identified five initial victims.
Despite the similarities in the code, it is extremely difficult to determine the origin of an attack, or to establish any relationship with state actors. “Probably the only way to do that is to locate the code on their machines until you go in and invade someone and kick down their door and steal their devices,” said Clifford Neuman, director of the Institute for Computer System Security at USC. “That's the only way to explain it completely.”
Ryuk's name appears to be a reference to a character in the popular anime and manga series “Death Note.” In the series, Ryuk is a death demon who, dissatisfied with his immortality, wants to bring a journal into the world that allows its finder to kill someone by writing that person's name.
Ryuk is distinct, said Ben Herzog, a security researcher with Check Point. “Ryuk is a fairly ‘artisanal’ malware,” he said, one used to attack particular businesses with no tolerance for disruption, such as hospitals, ports, and now obviously newspapers.
Malware and those who spread it have been engaged in an arms race with security systems and researchers ever since it emerged as a mainstream phenomenon over the past few years. As a result, both have become more sophisticated.
“The early [assaults] were really simple, and they only encrypted the files that the individual had access to,” Neuman said. Newer versions take advantage of known security vulnerabilities to move from user to user and access more protected files along the way.