'The Guardian' Is Hit By A Ransomware Attack

The Guardian has revealed that it was hit by a ransomware attack in December, the type of incursion that could affect any organization.  

The attack was confirmed to the staff by Anna Bateson, chief executive of the Guardian Media Group, and Katharine Viner, editor-in-chief of the Guardian, in an email on Wednesday afternoon.

They described the incident as a “highly sophisticated cyber-attack involving unauthorized third-party access to parts of our network.” 

The publication has informed the UK’s Information Commissioner’s Office and the UK police.  

The attack, which was discovered on December 20, was probably triggered by an email phishing attempt, in which the victim is tricked into downloading malware.

According to the Guardian, the attack affected parts of the company’s technology infrastructure. Most of the staff has been working from home since the attack, but has been able to produce the daily newspaper. Online publishing has been unaffected.

The Guardian does not believe that the personal data of readers and subscribers has been accessed, and states that the risk of fraud is low.

However, the incident prompted immediate comments by security experts. 

“This is a lesson that no matter the industry you are in, you are a target for ransomware,” says Erich Kron, security awareness advocate at KnowBe4. “The initial infection vector here, email phishing, is one of the most common and successful attack types when it comes to ransomware.” 

Kron continues, “To prepare for ransomware, organizations should ensure they have good, tested, and off-line backups, and should ensure they are educating their staff on how to identify and report phishing emails. In addition, data loss prevention (DLP) controls are critical as bad actors often steal data and use the threat of releasing it publicly to extort victims.”

Javvad Malik, security awareness advocate at KnowBe4, adds, “Ransomware can have an impact on any type of organization, regardless of size.”  

Malik continues, “In this particular case it appears that phishing was the root cause, making it even more important for organizations to cultivate a culture of security so that their staff are less likely to fall victim to these kinds of attacks. The impact that this attack could have on staff can be huge and may have long-lasting implications.”

 

 
