Tampa Bay Times Struck by Ryuk Ransomware

American newspaper Tampa Bay Times has become the latest U.S. news organization to join the ranks of other major companies who had been hit by ransomware.

In a report published by Tampa Bay Times itself, the Florida-based organ disclosed it was hit by ransomware on Thursday, Jan 23. The malicious code, which was identified to be the strain called Ryuk, was reported to have infiltrated the company’s systems.

Conan Gallaty, Chief Digital Officer of Times, clarified that no data has been breached due to the incident, nor is there any piece of sensitive information – such as customer addresses and payment details – that has been compromised.

Tampa Bay Times Ransomware


“We’ve been able to recover pretty much all of our primary systems,” Gallaty explained. “This is something that’s been a nuisance more than anything.”

To date, it remains unclear how the attack occurred. However, Gallaty believes the organization was not specifically targeted.

“The focus for us is to fully recover and then work on further preventative measures,” he stated.

Discovered in 2018, the Ryuk ransomware comes as a relatively young strain that was notorious for its “big game hunting” that targets major companies and government agencies. Similar to other modern ransomware, Ryuk operates as a malicious code that infiltrates into a computer network and encrypts a victim’s computers or servers until a ransom is paid.

Since its debut in August of the said year, Ryuk had been targeting a range of enterprise organizations worldwide, with ransom payments ranging from 15 to 50 BTC.


It is not until December 2018 that the strain made its first major move against news companies by targeting the American newspaper print and online media publishing giant Tribune Publishing. Among those affected by the incident include the Chicago Tribune, the South Florida Sun Sentine, The Los Angeles Times, and the San Diego Tribune.

Among the signs of a Ryuk ransomware attack include the presence of ransomware notes, which usually contain specific instructions and two private email addresses to contact the attackers, as well as the .ryk file extension attached to names of the encrypted files.

According to Gallaty, the Times did not respond to the message of the attackers, nor does it plan to pay whatever ransom was demanded. As of to date, the company’s system shall be fully restored from backups once all of the malicious code has been eliminated.

The Florida-based newspaper did not provide the specifics on which systems or how many computers were affected by the attack.