logo of The Guardian

The Guardian hit by “ransomware attack”

On Tuesday December 20, 2022 British newspaper The Guardian experienced a major IT security incident that crippled a part of its IT infrastructure. The suspected cause is ransomware.

In an online article the newspaper published an internal statement from the chief executive and the editor-in-chief that says:

“We believe this to be a ransomware attack but are continuing to consider all possibilities.”

The disruption seems to have been limited to internal systems and services. Apparently the incident disabled at least a part of the internal network as employees were asked to stay at home and not use the VPN to log in. The staff that had to work from the office relied on using their phones as hotspots.

The attack didn’t affect the website and apps which continued to publish stories. The Guardian also stated they were confident that they would be able to publish in print today.

Ransomware

There have been no claims from any of the predominant ransomware groups yet, but this could be due to ongoing negotiations. Because of this uncertainty it’s also unclear whether the attackers behind the incident are one of the many groups that also exfiltrate data.

However, a newspaper with that many subscribers would make for a huge target. Not too mention the possible sensitive information that could be found in ongoing investigations that the journalists are working on. It could be devastating to see that sort of information published on a leak site. The same would be true for any scoops the journalists might be working on.

How to avoid ransomware

Unfortunately many organizations keep falling victim to ransomware. And due to the lack of adequate, recent, and actionable backups, they end up with no other choice.

To avoid falling victim, there are some basic precautions organizations can take:

  • Install patches as soon as possible, especially for internet facing devices
  • Run an anti-virus/anti-malware solution that actively monitors and scans your systems
  • Limit internet access to critical devices and systems where possible
  • Ask the same prudence of your service providers
  • Maintain offsite, offline backups and test that you can restore from them

Train your staff so they have the information they need to:

If and when we find out more about this attack, we will keep you posted here.

Stop ransomware

.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.