
Cyber Incident Victim: Tampa Bay Times

Date: Jan 2020

Location: United States of America

Summary

The Tampa Bay Times experienced a Ryuk ransomware attack but did not suffer a data breach. The organization declined to engage with the attackers or pay a ransom. Ryuk, often deployed alongside Emotet and TrickBot in multi-stage campaigns, was noted for targeting sectors like government and finance with evolved capabilities to rapidly infiltrate networks via phishing emails delivering malicious payloads designed to steal credentials and exfiltrate data.


Description

On January 24, 2020, the Tampa Bay Times experienced a Ryuk ransomware attack targeting its systems. The attack involved a multi-stage infection process commonly associated with Ryuk, which frequently operates alongside Emotet and TrickBot malware families. According to Malwarebytes Labs, the ransomware did not successfully breach the organization's data or systems. Tampa Bay Times Publishing Company Chief Digital Officer Conan Gallaty confirmed the company did not engage with the attackers or pay any ransom demand. The incident occurred amid heightened Ryuk activity in early 2020, with Malwarebytes recording 724 detections between January 1 and 23, peaking at 47 detections on January 14. This attack followed recent Ryuk incidents affecting municipal systems in Lake City, Florida, and the DCH Health System in Alabama.


Security researchers observed that Ryuk's operators had developed new variants specifically targeting government agencies, financial institutions, and law enforcement organizations during this period. The malware was typically deployed through phishing emails containing malicious attachments designed to install TrickBot, which then facilitated further payloads like Emotet. Cerberus Cybersecurity CEO David Jemmett described Ryuk as evolving into a "swiss army knife" capable of rapidly penetrating desktop systems and networks. KnowBe4's Erich Kron noted the malware's focus on high-value data exfiltration over FTP, emphasizing that such attacks prioritized stealing specific valuable information rather than indiscriminate data collection. The Tampa Bay Times incident demonstrated ransomware's continued adaptation toward sector-specific targeting while highlighting organizational resistance to ransom demands despite operational disruptions. Security professionals concurrently warned about Ryuk's increased sophistication in bypassing detection mechanisms and its persistent use of legacy protocols like FTP for data exfiltration from corporate networks.
