While it did not appear to limit the online or offline publication, a ransomware attack that The Guardian characterized as “serious” hit company offices at Kings Place and reportedly impacted the office WiFi, VPN, and business systems.
Staff were sent to work from home for the week, and there was at least some initial risk to the print edition of the paper (though in-house IT staff were apparently able to get it under control). There is still no word on who the perpetrator might be or if a ransom demand was made.
Newspapers increasingly under fire, but ransomware attacks still somewhat unusual
Attacks on major newspapers were not exactly uncommon in 2022, but ransomware attacks are still something of an oddity. Media outlets have become increasingly targeted by nation-state spies looking to gather intelligence and by crude vandals either issuing a political message or just seeking a cheap thrill.
The Guardian incident follows an attack on Rupert Murdoch’s News Corp early in the year that was linked to Chinese state-backed hackers; the media conglomerate was targeted again in October, though that attack was a vandalism campaign that the New York Post claimed was conducted by a bitter former employee. Apple News readers of Fast Company might have noticed a similar vandalism spree in September.
While newspapers can be valuable to spies looking for confidential information and the identities of anonymous sources, they generally aren’t the first pick for ransomware attacks. And The Guardian appears to still not be entirely certain that it was a ransomware attack, though the only alternate possibility that would have damaged internal systems and sent staff home would have been a malware wiper. A wiper attack could have a political motivation, or criminals could have first stolen data and then wiped out local copies to increase pressure on the organization.
Investigation into The Guardian ransomware attack continues
The Guardian continues to investigate the apparent ransomware attack, with the only public information being that internal IT infrastructure was impacted to some degree and it was bad enough to clear an office out for the week.
Given that information has not surfaced on the dark web, it is unclear if we will end up learning any more about the ransomware attack. Some recent studies have found that nearly half of ransomware attackers are now engaging in “double extortion” tactics, so it is unusual that no information has emerged. This could indicate that a payment was quietly negotiated, that the attackers did not exfiltrate any data of value before they were stopped, or that it wasn’t a ransomware attack at all.
A Guardian employee has told the Telegraph that the paper may not have reported the incident to the National Cyber Security Centre as of yet, and that the VPN was impacted in spite of employees continuing to work from home and put all editions of the paper out. Staff at the Kings Place office also reportedly had to switch from office desktops to laptops and mobile phones for a time in the immediate wake of the attack.