The popular Florida newspaper suffered a ransomware attack on Thursday, making it the latest victim of the notorious Ryuk ransomware family.
Tampa Bay Times reported that the attack itself did not result in any breached data. Sensitive customer information such as payment card details and customer addresses were not affected as the information is stored securely outside of the network.
Chief digital officer of the Tampa Bay Times, Conan Gallaty announced that they were able to recover nearly all of its primary systems, stating: “This is something that’s been a nuisance more than anything.”
The newspaper is currently in the process of removing the ransomware from its systems.
Tampa Bay Times did not respond to the threat actors, to which Gallaty said that they would have refused any ransom payment demanded.
The newspaper was struck by “Ryuk”, a ransomware notorious for targeting large businesses and agencies. Ryuk has previously targeted numerous newspapers and news agencies in the US last year, including The Wall Street Journal, Los Angeles Times, San Diego Union-Tribune and The Chicago Tribune.
Just earlier this month, the US Coast Guard announced that it had been struck by Ryuk ransomware, forcing them to shut down a maritime facility for 30 over 30 hours.
Additionally, in November the National Veterinary Associates (NVA) was also hit by Ryuk, impacting 400 clinics across the US.
Ryuk has been on the rise, to which according to new Malwarebytes data, “From January 1–23, 2020, Malwarebytes recorded a cumulative 724 Ryuk detections. The daily detections fluctuated, with the lowest detection count at 18 on January 6, and the highest detection count at 47 on January 14.”
“Ryuk malware has been evolved to make it especially dangerous as it targets government offices, the military and the financial sector with a swiss army knife of malicious software that can penetrate desktops and into the network at a rapid speed,” said David Jemmett, CEO and founder of Cerberus Cybersecurity, to SC Magazine. “It is delivered in the form of a phishing email with attachments designed to dump Trickbot onto the first machine and then deploy other pieces of malware like Emotet armed with mimicats to search out passcodes and credentials.”