The malware was discovered and later quarantined on Friday, but the security patches failed to hold when the servers were brought back online and the ransomware began to re-infect the network and impact servers used for news production and manufacturing processes. A Tribune spokesperson said the malware “impacted some back-office systems, which are primarily used to publish and produce newspapers across our properties.”
The Los Angeles Times reported that the cyber attack is believed to have “originated from outside the United States, but officials said it was too soon to say whether it was carried out by a foreign state or some other entity.”
And an unnamed source claimed, “The attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information.”
Print subscribers of affected newspapers ultimately received trimmed down versions that were delivered late — a full day in some cases — slimmed-down Saturday versions without paid classified ads or death notices were received on Sunday.
Print editions of the following Tribune Publishing newspapers were impacted by the cyber attack: the Chicago Tribune, the Baltimore Sun, the Orlando Sentinel, the New York Daily News, Lake County News-Sun, Post-Tribune, Hartford Courant, Capital Gazette, The Morning Call, the Daily Press, the Virginian-Pilot, and Carroll County Times.
The Los Angeles Times and San Diego Union Tribune, which were formerly part of Tribune Publishing newspapers, were also slammed by the ransomware.
Original report can be found on CSO.