Tampa Bay Times, which happens to be one of the renowned American newspapers has admitted formally that it has become a recent victim of a ransomware attack. However, the good news is that no data related to the publication was compromised in the incident and the IT staff are busy cleaning up the malicious file-encrypting code.
For those who don’t know much about the existing cyber threats, Ransomware is a kind of malware that infiltrates into a computer network and locks down data until a ransom is paid. Earlier, hackers used to just indulge in this activity. But from the past 6 months, they are also stealing data before encrypting a database so that they could sell that stolen data on the dark web to make money if the victim fails to pay or threaten the victim to sell the data to extract more sum. Furthermore, in recent times, hackers are seen devising ransomware in such a way that it also starts extracting credentials from the web browsers which includes passwords and other sensitive information stored in the cache.
Times digital officer Conan Gallaty has confirmed the news and assured that no card details and customer email addresses were accessed by the hackers in the incident.
Gallaty also confirmed that their publication is not going to entertain the hackers in any way and will just rely on backups for data restoration.
Sources from the Tampa Bay Times said that the daily newspaper was hit by a Ryuk ransomware which was developed by a state-funded hacking group named “Wizard Spider” from Russia. Security firms CrowdStrike and Malwarebytes have endorsed the incident. However, Malwarebytes has added in one of its recent statements that Ryuk evolution is also associated with another Russian group named CryptoTech.
Apart from the Tampa Bay Times, Chicago Tribune also became a victim of the same cyberattack in 2018 which infected other publications such as South Florida Sun-Sentinel, The Los Angeles Times and San Diego Tribune as all of them shared a common printing network.
Note- The FBI issued a warning in Oct’19 to report any incidents at www.IC3 dot gov. Initially, it also discouraged victims from paying the ransom to the hackers. However, in Dec’19 it changed its statement and urged victims to act accordingly and pay if the situation demands.