McAfee assesses that the ransomware attacks that hobbled the distribution of the Los Angeles Times and other Tribune papers in late December were carried out by a criminal group, not a nation, as the Times itself had reported.
The intrigue: Attackers used Ryuk ransomware, a variant of Hermes ransomware that has been used by the North Korean Kim Jong-un regime to funnel cash to the nation. But McAfee notes that Ryuk and Hermes have each been offered commercially on a Russian hacker forum, which appears to be the source of recent infections. That doesn't mean it's impossible for North Korea to be behind the Tribune attacks, but Ryuk's use alone doesn't strongly suggest the attack was from North Korea.