Multiple researchers are linking the Ryuk ransomware that disrupted the operations of multiple U.S. newspapers in late 2018 to the Emotet and TrickBot trojans. In so doing, some analysts have now also shifted blame for the attack from North Korean actors to cybercriminals, possibly from Russia, while others maintain that attribution efforts are premature.

CrowdStrike, FireEye, Kryptos Logic and McAfee Labs each reported this week that the Dec. 29 attack against the Tribune Company was part of a larger cybercriminal scheme that has already collected more than $3.7 million by targeting large enterprise-environment organizations with Ryuk.

The ransomware typically arrives as the final stage in a chain of infections that starts with Emotet, which in turn yields TrickBot as a secondary payload. (However, FireEye says some organizations were instead directly infected with TrickBot.) Researchers have confirmed that the actors used phishing emails as an attack vector.
