{
	"id": "fd1687f3-7e7b-45e8-92ac-a45b32c0dcb7",
	"created_at": "2026-04-06T02:11:58.481362Z",
	"updated_at": "2026-04-10T03:20:56.608171Z",
	"deleted_at": null,
	"sha1_hash": "79c67339520d07f7fe0ea6056fd9f22e575fe5de",
	"title": "Tampa Bay Times hit by Ryuk, new variant of stealer aimed at gov’t, finance",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2881798,
	"plain_text": "Tampa Bay Times hit by Ryuk, new variant of stealer aimed at gov’t, finance\r\nBy Teri Robinson\r\nPublished: 2020-01-28 · Archived: 2026-04-06 02:06:33 UTC\r\nJanuary 27, 2020\r\nOn the heels of a Ryuk ransomware attack on the Tampa Bay Times, researchers reported a new variant of the Ryuk stealer being aimed at government, financial and law enforcement targets.\r\nThe Times attack didn’t result in a breach, noted David Ruiz, of Malwarebytes Labs, who cited the Times Publishing Company Chief Digital Officer Conan Gallaty as saying not only did the paper not respond to the attackers, it wouldn’t have paid a ransom. Ryuk has been on the rise, taking down systems in Lake City, Fla., and at DCH Health System in Alabama.\r\n“From January 1–23, 2020, Malwarebytes recorded a cumulative 724 Ryuk detections. The daily detections fluctuated, with the lowest detection count at 18 on January 6, and the highest detection count at 47 on January 14,” Ruiz wrote in a blog post. “The ransomware frequently works in conjunction with Emotet and TrickBot in multi-stage attacks. Those separate malware families have also been active in the new year, with small spikes into the thousands of detections” and Emotet, in particular, kicking “into high gear” again on Jan. 13.\r\n“Ryuk malware has been evolved to make it especially dangerous as it targets government offices, the military and the financial sector with a swiss army knife of malicious software that can penetrate desktops and into the network at a rapid speed,” said David Jemmett, CEO and founder of Cerberus Cybersecurity. 
“It is delivered in the form of a phishing email with attachments designed to dump Trickbot onto the first machine and then deploy other pieces of malware like Emotet armed with Mimikatz to search out passcodes and credentials.”\r\nMalwarebytes researchers also found a new variant of Ryuk Stealer aiming at stealing large volumes of sensitive data from government, financial and law enforcement entities.\r\n“This is an example of how malware is becoming more focused on specific sectors and information in order to efficiently steal the data with the most value, while minimizing the risk of being caught. While this specific malware is a data exfiltrator, the same techniques are being applied to different strains of ransomware in order to encrypt the most valuable files with the least probability of detection,” said Erich Kron, security awareness advocate at KnowBe4. “It's the difference between stealing the whole ATM machine versus just stealing the money that is in it.”\r\nKron explained that using an “FTP to exfiltrate the data reinforces the need to not only filter incoming internet traffic at the firewalls, but also to limit and monitor outbound traffic to required services,” adding that the FTP protocol “is not needed by a majority of people, yet allows data exfiltration and even command and control channels for malware.”\r\nConsidering the harm it could cause “compared to the typical usage within organizations, careful consideration should be given to allowing FTP connections from corporate networks,” he said.\r\nSource: https://www.scmagazine.com/home/security-news/tampa-bay-times-hit-by-ryuk-new-variant-of-stealer-aimed-at-govt-finance/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.scmagazine.com/home/security-news/tampa-bay-times-hit-by-ryuk-new-variant-of-stealer-aimed-at-govt-finance/"
	],
	"report_names": [
		"tampa-bay-times-hit-by-ryuk-new-variant-of-stealer-aimed-at-govt-finance"
	],
	"threat_actors": [],
	"ts_created_at": 1775441518,
	"ts_updated_at": 1775791256,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/79c67339520d07f7fe0ea6056fd9f22e575fe5de.pdf",
		"text": "https://archive.orkl.eu/79c67339520d07f7fe0ea6056fd9f22e575fe5de.txt",
		"img": "https://archive.orkl.eu/79c67339520d07f7fe0ea6056fd9f22e575fe5de.jpg"
	}
}