Tampa Bay Times hit by ransomware attack

No customer information was compromised. The Times is removing the malicious code.
The Tampa Bay Times' headquarters in downtown St. Petersburg.
The Tampa Bay Times' headquarters in downtown St. Petersburg. [ CHRIS URSO | Times ]
Published Jan. 23, 2020|Updated Jan. 24, 2020

The Tampa Bay Times was attacked by ransomware Thursday, making it the latest news organization hit by the crippling software.

Ransomware is malicious code that an attacker uses to encrypt a victim’s computers or servers before demanding a ransom to unlock those systems.

“We’ve been able to recover pretty much all of our primary systems,” Times chief digital officer Conan Gallaty said Friday. “This is something that’s been a nuisance more than anything.”

Ransomware infects machines through a variety of methods, such as malware hidden in targeted emails or by exploiting software vulnerabilities. It’s unclear how the attack on the Times was carried out, Gallaty said, but he does not believe the news organization was specifically targeted.

“The focus for us is to fully recover and then work on further preventative measures,” he said.

No data was breached. Sensitive information such as customer addresses and payment cards were not affected, Gallaty said. That information is stored securely outside of the network.

The Times did not respond to a message from the attackers. Gallaty said the Times would not have paid whatever ransom was demanded. The affected systems will be fully restored from backups once the Times has ensured all of the malicious code is removed.

The ransomware the Times was hit with is called “Ryuk,” a strain that is used to target large businesses and agencies. Security research firms CrowdStrike and Malwarebytes say the strain is likely of Russian origin, and said it is likely associated with a Russian cybercriminal group named “Wizard Spider;” Malwarebytes said it may also be associated with a “Russian-speaking” group named CryptoTech.

This particular ransomware was first discovered in 2018 and has wreaked havoc on businesses and government agencies around the country, including several news publications. Its first known victim was Tribune Publishing, when the software affected the newspaper printing operations for the conglomerate’s publications.

Among those affected were the Chicago Tribune and the South Florida Sun Sentinel. The Los Angeles Times and San Diego Union-Tribune also shared the printing networks at the time of the attack.

“They’re looking at the people that have the most to lose,” said JP Taggart, a senior security researcher at Malwarebytes.

For any ransomware that hits a large business, the fee can be hefty.

The FBI issued a public service announcement in October warning businesses about ransomware, and urged victims to report any incidents at

“You want to be diligent (about) which emails you open,” said Stacy Arruda, executive director of the Florida Information Sharing & Analysis Organization. “Pay attention to what you’re seeing.”