The Tribune A truck is parked outside the Los Angeles Times Olympic Facility in Los Angeles, Sunday, Dec. 30, 2018. A computer virus hit the newspaper printing plant in Los Angeles, and at Tribune Publishing newspapers across the country. (AP Photo/Damian Dovarganes) more > Print By - Associated Press - Sunday, December 30, 2018

LOS ANGELES (AP) - The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.

San Diego Union- Tribune Publisher Jeff Light described the incident as “what now seems to have been a malicious attack on the company by computer hackers” in a message posted to the newspaper’s website. He told readers the disruption had mostly seemed to have been brought under control.

The suspected attack prevented the Chicago Tribune, the Baltimore Sun and other papers from publishing paid death notices and classified ads Saturday. But Tribune Publishing has said no news websites were affected and no customer information was compromised.

Katie Waldman, a spokeswoman for the Department of Homeland Security, said in an email Sunday that the agency was “aware of reports of a potential cyber incident” affecting several news outlets. She said the department is “working with our government and industry partners to better understand the situation.”

The Los Angeles Times, citing “several individuals with knowledge of the Tribune situation,” reported that the attack appeared to be in the form of “Ryuk” ransomware. Tribune Publishing sold the Los Angeles Times and the San Diego Union-Tribune earlier this year for $500 million to biotech billionaire Dr. Patrick Soon-Shiong, but the companies continue to share software, according to the newspaper.

An advisory by the U.S. Department of Health and Human Services’ cybersecurity program earlier this year described “Ryuk” attacks as “highly-targeted, well-resourced and planned.”

Mark Weatherford, a former DHS deputy under secretary for cybersecurity who is now chief cybersecurity strategist at California-based vArmour, said Sunday that phishing links are the most common way such attacks gain entry.

“It’s fairly non-discriminatory. This could happen to anybody, although it seems to be more of a targeted attack,” Weatherford said. He added, however, that it was too early to draw conclusions.

Tribune Publishing also reported the attack to the FBI on Friday, the Chicago Tribune said. The FBI did not immediately return a message seeking comment Sunday.

Copyright © 2018 The Washington Times, LLC. The Washington Times Comment Policy The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

Click to Read More and View Comments Click to Hide