The Guardian ransomware attack hits week two as staff told to work from home
UK data watchdog would like a word over failure to systems
Updated Long-standing British newspaper The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas.
The publication broke the news about the "serious IT incident" on its systems on December 21, and said the attack affected parts of the company's technology infrastructure. At the time, it told staff to work from home.
"We believe this to be a ransomware attack but are continuing to consider all possibilities," The Guardian Media Group Chief Executive Anna Bateson and Editor-in-Chief Katharine Viner told staff last month.
Since then, the newspaper has notified Britain's Information Commissioner's Office (ICO) about the breach. "Guardian News and Media has made us aware of an incident and we are making enquiries," an ICO spokesperson told The Register.
According to the ICO's rules, organizations must notify the government agency within 72 hours of discovering a ransomware attack.
Also this week, The Guardian confirmed that most of its staff in the UK, US and Australia will continue working from home until at least January 23.
"As we previously announced, the Guardian's systems have been subject to a serious network disruption," a spokesperson told The Register. "We have been able to keep publishing our journalism digitally and in print, but a number of key IT systems have been affected. The work to restore our systems fully is ongoing and will take some weeks. We have asked most staff to work from home for the next three weeks to allow our technical teams to focus on essential technical work."
The spokesperson declined to answer any additional questions about the security incident.
- UK's Guardian newspaper breaks news of ransomware attack on itself
- This ransomware gang is a right Royal pain in the AES for healthcare orgs
- Rackspace confirms ransomware attack behind days-long email meltdown
- LockBit: Sorry about the SickKids ransomware, not sorry about the rest
So far, none of the usual suspects have claimed responsibility for the purported ransomware attack.
However, ransomware gangs including LockBit have been especially busy over the past month, with that group of criminals attacking (and then apologizing for attacking) Canada's largest children's hospital and Los Angeles' public housing authority, among others.
At least 219 local governments, health-care providers, colleges, universities and school districts in the US alone were victims of ransomware attacks last year, according to numbers published this week by Emsisoft Malware Lab.
The security firm has reportedly similarly high stats in its earlier reports since 2019. "The fact that there seems not to have been any decrease in the number of incidents is concerning," report authors said.
Additionally, a report [PDF] by the Financial Crimes Enforcement Network (FinCEN), part of the US Treasury, found that the impact of ransomware attacks — measured in Bank Secrecy Act filings — hit $1.2 billion 2021, up 188 percent compared with 2020. ®
Updated to add on January 11
The Guardian has confirmed that its December security incident was, in fact, a ransomware attack and that UK staff personal information was stolen.
Personal data belonging to readers and subscribers as well as US and Australian staff was not accessed, according to a report in newspaper itself.
Guardian Media Group's chief executive Anna Bateson, and the Guardian's editor-in-chief Katharine Viner, in an email to the paper's staff called the IT breach a "highly sophisticated cyber-attack involving unauthorized third-party access to parts of our network," probably triggered by a phishing attempt.