In mid-January 2023, The Guardian newspaper confirmed that it was hit by a ransomware attack back in December 2022. Hackers exploited the data of some UK-based employees. It also inhibited some of the functions of the media group. It was difficult for employees to carry out their work, and for the company to publish newspapers following the attack. The severity of this cyber attack emphasizes the importance for businesses to protect their networks in order to protect their people; not just to protect their data in general but to keep their employees and readers safe.
Ransomware is a type of malicious software that hackers use to gain access to another network or computer system. Hackers try to deploy ransomware via a myriad of ways, for instance through email, perhaps with a phishing scam. They would send a fraudulent link that appears real to get the recipient to click it and download malware. Ransomware is different from typical malware as it uses encryption to “lock” data, files, documents, and more. In order for the ransomware victim to receive their information back, they must pay a pricey “ransom fee.” These fees can vary and are typically pretty high for a lot of targeted industries (ex. healthcare and finance) and companies, including big organizations.
The Guardian’s chief executive, Anna Bateson, and editor-in-chief, Katharine Viner, described the ransomware attack as a “highly sophisticated cyber-attack involving unauthorized third-party access to parts of [their] network.” They also believe the attack was a phishing attempt, where attackers tried to trick a victim into downloading malware. Not much else has been released about the specific details regarding the attack, such as the hacker group involved.
The ransomware attack was first detected on December 20, 2023. It affected some parts of the company’s technological infrastructure. At first, the actual creation and publication of the paper did not seem to be impacted too drastically. Staffers from the media team were informed that offices would remain shut down for at least a month (until late January/early February) to recover from the attack. This is so that the IT staff can focus on restoring and securing the network following the ransomware attack. The ransomware attack had a pretty significant impact on The Guardian’s complete functionality, considering the month-long shutdown, as well as recent information that the company released.
How did it affect employees and the public?
The ransomware attack on The Guardian caused some undeniable inconveniences for the company. No confidential information was exposed online immediately following the attack. However, later on, the company announced that hackers may have accessed data (see “Data Acquisition” below for more). Additionally, some of the inner workings of the media team’s publication was impacted negatively. One of The Guardian’s employees said the attack has, “been a total nightmare.”
According to the staffer, the printed paper was not published for several days following the attack. Employees seem concerned that some files and articles in production could have been harmed because of the attack. There was also a delay in the payroll system; not exactly something most people would be thrilled about. Anna Bateson states that the payroll system is now back on track. However, pension payments got delayed by some time and will be available later in the month.
Some of the Guardian’s older software and systems were more significantly impacted by the breach. This includes their printing system and expense records, which are still a bit glitchy after the incident. For example, columnist photo bylines disappeared in the printed articles following the attack. Although this was not a major issue that necessarily impacted production, it was still a clear bug in the system.
Initially, Bateson and Viner stated that, “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely.” A few weeks following the attack, however, The Guardian confirmed that hackers did in fact access the data of some UK based employees. The newspaper company employs about 1,500 individuals globally, with 90% of these staffers located in the United Kingdom. According to a spokesperson for The Guardian, the hackers accessed information that, “may include human resources data collected as part of everyone’s employment at The Guardian.” Additionally, employee names, addresses, insurance numbers, identification documents, and information regarding salary were also exposed and compromised.
Why The Guardian?
The Guardian is a globally recognized, Pulitzer prize winning, British newspaper that’s part of Guardian Media Group. Hackers likely saw the company as a good target for ransomware for several reasons. That includes monetary gain, theft, data breach, to name a few. According to Jake Moore, the global cybersecurity advisor at ESET, the attack on The Guardian was not very surprising. He states that, “news organizations have become a regular target for cyber attacks this year, and these attacks often have even more damaging effects on the companies targeted.” Moore also describes that the company lucked out, in a sense. Ransomware can often impact the entire functionality of an organization. In The Guardian’s case, most of the critical infrastructure wasn’t affected by the attack.
Many larger businesses are affected by ransomware attacks. The amount of attacks that experts see every year is only increasing, and the monetary impact can be extremely detrimental. We often look at the effects of ransomware attacks in the United States, but clearly, ransomware is not unique to any location; although we do know that based on the FBI’s IC3 report, that the US and the UK are, without question, the most targeted countries (see page 20 in their 2021 report, the most recent report to date). While The Guardian is based in the UK, it has a lot of global interdependence and recognition. 10% of Guardian employees are located outside of the UK, and these individuals were also impacted by the ransomware attack. When hackers start targeting international companies, the implications of these attacks can expand far beyond recognition.
How can this be avoided?
Ransomware can unfortunately affect any company, business or organization, no matter how large or small it is. High-powered companies are often targeted by hackers because of their popularity, as well as the amount of revenue they generate but they’re not the only ones that should be concerned. Small businesses can be even more vulnerable than larger enterprises because they often lack the same level of cybersecurity measures, making them easier to crack in the hackers’ eyes. Malware, viruses, ransomware, and other cyber threats can affect any industry – from newspaper or media, like The Guardian, to healthcare or manufacturing.
At Computero, we’ll recommend the absolute best cybersecurity measures that your company should have in place to prevent a similar ransomware attack from happening to your business. Our managed services are custom tailored to every customer but here are some general best practices you should be mindful of, for starters:
- Monitor all systems and devices
- Keep all hardware and software up-to-date and perform frequent updates of operating systems, applications, and more (run updates as soon as they’re available, don’t delay)
- Purchase a reliable business-grade antivirus software – like Trend Micro (business-grade makes all the difference)
- Use two-step verification (aka 2FA: two-factor authentication) to prevent unauthorized individuals from accessing business accounts (physical 2FA security keys are best)
- Emphasize cybersecurity awareness training as a part of employee training, so that staffers can understand common social engineering threats and the potential impact of cyber attacks