A Ryuk-based attack affected publication of the Los Angeles Times and newspapers across the country using Tribune Publishing software. It appears that the malware was installed via a phishing attack.
Things were so bad that even the phone system was impacted. The LA Times was unable to publish its newspaper or even maintain its website.
This new ransomware attack suggests that security companies are going to have to rethink how to recover. Paying a ransom only emboldens the criminal activity.
In the UK, the National Cyber Security Centre notes that Ryuk uses Trickbot computer malware to install itself once access is gained to a network’s servers. It has the capability to defeat many anti-malware countermeasures that may be present and can completely disable a computer network. It can even seek out and disable backup files if they are kept on shared servers.
Ryuk is an especially pernicious type of malware because it also finds and encrypts network drives and resources. In addition, it disables the System Restore feature of Microsoft Windows that would otherwise allow restoring the computer’s system files, applications, and Windows Registry to their previous, unencrypted state.