Foreign Malware Strikes Chicago Tribune, Newspapers Nationwide

A cyberattack linked to North Korean hackers disrupted print editions of newspapers nationwide connected to Tribune Publishing.

CHICAGO — A cyberattack from abroad caused disruptions to the publication of newspapers across the country over the weekend. Distribution of print editions in several major U.S. markets was impacted by an infection of suspected foreign malware, which prevented the publication of Saturday print editions.

"Every market across the company was impacted," said Marisa Kollias, spokesperson for Tribune Publishing, which owns The Chicago Tribune, Baltimore Sun, Annapolis Capital-Gazette, Hartford Courant, New York Daily News, Orlando Sentinel and Fort Lauderdale Sun-Sentinel.

"This issue has affected the timeliness and in some cases the completeness of our printed newspapers," Kollias said. In a statement, the company said personal data of subscribers was not compromised in the attack.

Chicago Tribune print editions went out Saturday without paid death notices and classified ads.

Saturday editions of suburban Chicago area newspapers affected by the cyberattack, including the Lake County News-Sun and Post-Tribune, were due to be delivered Sunday, the Tribune reported.

The Los Angeles Times, which was sold by Tribune Publishing in June along with the San Diego Union-Tribune but still shares a production platform, reported staff became aware of the malware attack around midnight on Thursday night.

The Southern California editions of the New York Times and the Wall Street Journal, which share a printing facility with the Los Angeles Times, were also impacted by the hack.

A source who was not authorized to comment publicly on the investigation told the Los Angeles Times it appeared the attack was carried out by a foreign entity.

“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” the source said.

People with knowledge of the attack told the Times the virus appeared to be a form of ransomware dubbed "Ryuk," which first emerged over the summer.

According to a report from computer security company Check Point, the "Ryuk" ransomware netted attackers more than $640,000 in its first two weeks. Check Point researchers linked its source code to the "Lazarus Group," a team of state-sponsored North Korean hackers blamed for the cyberattack that severely disrupted Sony Pictures Entertainment in November 2014.


Patch editor Paige Austin and City News Service contributed
Top photo by Scott Olson/Getty Images
