{
	"id": "1f389fed-d735-4daf-a44e-ada4a9cafbf5",
	"created_at": "2026-04-06T00:21:13.19113Z",
	"updated_at": "2026-04-10T03:20:39.083416Z",
	"deleted_at": null,
	"sha1_hash": "606d93b6499ab6fbf1628e6dc38b6ec96f7c8698",
	"title": "Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S. - Los Angeles Times",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45401,
	"plain_text": "Malware attack disrupts delivery of L.A. Times and Tribune\r\npapers across the U.S. - Los Angeles Times\r\nBy Emily Alpert Reyes\r\nPublished: 2018-12-30 · Archived: 2026-04-05 22:20:18 UTC\r\nWhat first arose as a server outage was identified Saturday as a malware attack, which appears to have originated\r\nfrom outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles\r\nTimes and other newspapers across the country.\r\nTechnology teams worked feverishly to quarantine the computer virus, but it spread through Tribune Publishing’s\r\nnetwork and reinfected systems crucial to the news production and printing process. Multiple newspapers around\r\nthe country were affected because they share a production platform.\r\nThe attack delayed distribution of Saturday editions of the Los Angeles Times and San Diego Union Tribune. It\r\nalso stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are\r\nprinted at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles.\r\nBy Saturday afternoon, the company suspected the cyberattack originated from outside the United States, but\r\nofficials said it was too soon to say whether it was carried out by a foreign state or some other entity, said a source\r\nwith knowledge of the situation.\r\n“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to\r\nlooking to steal information,” said the source, who spoke on condition of anonymity because he was not\r\nauthorized to comment publicly. The source would not detail what evidence led the company to believe the breach\r\ncame from overseas.\r\nForeign cyberattack hits newspapers: Here is what we know »\r\nTribune Publishing said in a statement Saturday that “the personal data of our subscribers, online users, and\r\nadvertising clients has not been compromised. We apologize for any inconvenience and thank our readers and\r\nadvertising partners for their patience as we investigate the situation.”\r\n“Every market across the company was impacted,” said Marisa Kollias, spokeswoman for Tribune Publishing. She\r\ndeclined to provide specifics on the disruptions, but the company’s properties include the Chicago Tribune;\r\nBaltimore Sun; Capital Gazette in Annapolis, Md.; Hartford Courant; New York Daily News; South Florida Sun\r\nSentinel and Orlando Sentinel.\r\nNo other details about the origin of the attack were immediately available and the motive remained unclear.\r\nTribune Publishing sold The Times and the San Diego Union-Tribune to Los Angeles biotech entrepreneur Dr.\r\nPatrick Soon-Shiong in June, but the two companies continue to share various systems, including software.\r\nhttps://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html\r\nPage 1 of 4\n\nIt’s unclear how many Times subscribers were impacted by late deliveries and the paper could not provide firm\r\nnumbers, but a source said that a majority received their papers Saturday morning, albeit several hours late. The\r\nTimes said that print subscribers who did not get their papers Saturday would receive them with their regularly\r\nscheduled delivery of the Sunday edition.\r\n“We apologize to our customers for this inconvenience,” The Times said in a statement. “Thank you for your\r\npatience and support as we respond to this ongoing matter.”\r\nThe Times and the San Diego paper became aware of the problem near midnight on Thursday. Programmers\r\nworked to isolate the bug, which Tribune Publishing identified as a malware attack, but at every turn the\r\nprogrammers ran into additional issues trying to access a myriad of files, including advertisements that needed to\r\nbe added to the pages or paid obituaries.\r\nAfter identifying the server outage as a virus, technology teams made progress Friday quarantining it and bringing\r\nback servers, but some of their security patches didn’t hold and the virus began to reinfect the network, impacting\r\na series of servers used for news production and manufacturing processes.\r\nBy late Friday, the attack was hindering the transmission of pages from offices across Southern California to\r\nprinting presses as publication deadlines approached.\r\nAt one point, Times staffers were making contingency plans to hand-deliver pages from the editorial offices in El\r\nSegundo to its Olympic printing plant in downtown Los Angeles. Working through the problems created a logjam\r\nat the plant, and the resulting cascade of delays pushed back printing and delivery.\r\nSan Diego was particularly hard hit by the problem, in large part because of the paper’s position in the press run.\r\nBetween 85% and 90% of the Saturday edition of the Union-Tribune did not reach subscribers on Saturday\r\nmorning, said Jeff Light, publisher and editor of the San Diego Union-Tribune.\r\n“Papers that should have arrived in San Diego around 3 a.m. to 4 a.m. instead arrived at 7 a.m. and 8 a.m.” Light\r\nsaid. Because the newspaper relies on independent contractors to deliver the paper to neighborhoods, many of\r\nthose people were not available later in the day to do the deliveries.\r\nThe first signs of trouble at the Union-Tribune came late Thursday night when sports editors tried to send\r\ninformation, via digital files, to the plate-making facility. But those digital files which contain information that\r\nultimately becomes the pages of the newspaper would not transmit to the plate-making process. Editors seemed to\r\nbe locked out of the system, having to perform work-arounds.\r\nThe transmission of community editions, including the Glendale News Press and Burbank Leader, also appeared\r\nin doubt Friday night. Ultimately, a page designer in Orange County figured out he could send all the community\r\npapers’ news pages from his unaffected computer, said John Canalis, executive editor of Times Community News.\r\nThe problem caused widespread issues in South Florida, one of Tribune Publishing’s major markets. The South\r\nFlorida Sun Sentinel told readers that it had been “crippled this weekend by a computer virus that shut down\r\nproduction and hampered phone lines,” according to a story on its website.\r\nhttps://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html\r\nPage 2 of 4\n\nMalware attacks are extremely common, affecting millions of computers in homes, offices and other organizations\r\nevery day, said Salim Neino, chief executive of the company Kryptos Logic.\r\nIn some cases, dubbed “ransomware,” the attackers disable the system and demand money, said Neino, whose\r\ncompany tackled a major ransomware attack called WannaCry last year.\r\nIn other instances, the goal is simply to disrupt or “break stuff” by wiping systems, Neino said. Malware has also\r\nbeen used to quietly infect computers and then sell access to other cybercriminals, who can steal banking\r\ncredentials or exploit other valuable information, Neino said.\r\nSeveral individuals with knowledge of the Tribune situation said the attack appeared to be in the form of “Ryuk”\r\nransomware. One company insider, who was not authorized to comment publicly, said the corrupted Tribune\r\nPublishing computer files contained the extension “.ryk.”\r\n“Ryuk” attacks are “highly targeted, well-resourced and planned,” according to an August advisory by the U.S.\r\nDepartment of Health and Human Services’ cybersecurity program. Victims are deliberately targeted and “only\r\ncrucial assets and resources are infected in each targeted network.”\r\nIt was unclear whether company officials have been in contact with law enforcement regarding the suspected\r\nattack. But Katie Waldman, a spokeswoman for the Department of Homeland Security, said “we are aware of\r\nreports of a potential cyber incident effecting several news outlets, and are working with our government and\r\nindustry partners to better understand the situation.”\r\nTribune declined to comment on the specifics of the malware attack.\r\nNeino also said that tracking the identity of attackers can be difficult since malware code is often freely distributed\r\nonline.\r\nFor instance, even if an attack appears to be Russian because of the “malware family traits,” Neino said, “code\r\nstill could have been sourced, weaponized and deployed by an actor who downloaded it from an underground\r\nforum anywhere in the world.”\r\nPam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research group, said that\r\n“usually when someone tries to disrupt a significant digital resource like a newspaper, you’re looking at an\r\nexperienced and sophisticated hacker.”\r\nDixon added that the holidays are “a well known time for mischief” by digital troublemakers, because\r\norganizations are more thinly staffed.\r\n“It’s an optimal time to attack a major target,” she said.\r\nThe highest-profile cyberattack of a media company was in late 2014 at Sony Pictures Entertainment in Culver\r\nCity. Hackers, which the FBI later determined were affiliated with the North Korean government, broke into Sony\r\nPictures’ computer system and copied huge chunks of data, which they later posted online for the world to see.\r\ntony.barboza@latimes.com\r\nhttps://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html\r\nPage 3 of 4\n\nmeg.james@latimes.com\r\nemily.alpert@latimes.com\r\nMore to Read\r\nSource: https://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html\r\nhttps://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html"
	],
	"report_names": [
		"la-me-ln-times-delivery-disruption-20181229-story.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434873,
	"ts_updated_at": 1775791239,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/606d93b6499ab6fbf1628e6dc38b6ec96f7c8698.pdf",
		"text": "https://archive.orkl.eu/606d93b6499ab6fbf1628e6dc38b6ec96f7c8698.txt",
		"img": "https://archive.orkl.eu/606d93b6499ab6fbf1628e6dc38b6ec96f7c8698.jpg"
	}
}