
US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware

(2025/02/18)


US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a "cybersecurity attack," per a regulatory filing, and is the latest company to avoid using the dreaded R word.

Listed companies have become adept at describing ransomware without actually saying the word in recent times, Lee being one of them. It told the Securities and Exchange Commission (SEC) that "threat actors unlawfully accessed the company's network, encrypted critical applications, and exfiltrated certain files."

That sounds an awful lot like [1]double extortion ransomware to us.


The details on offer in today's [3]Form 8-K are the first that provide a strong signal the chain of events was due to ransomware, as was suspected when the troubles were [4]first officially disclosed on February 7. Lee had previously told regulators a "cyber incident" was to blame for a "technology outage."


Lee's 8-K, filed on Friday but published today, went on to state that the full extent of the attack was still being assessed.

Forensic analyses remain ongoing to determine if any sensitive data or personally identifiable information (PII) was compromised during the breach, but the company said that as of February 12, the period to which the filing relates, "no conclusive evidence has been identified."


The impact of the attack has spread across various business operations, and no known [8]cybercrime group has yet claimed responsibility.

Product distribution, billing, collections, and vendor payments were all confirmed to have been affected, and the company echoed the details provided by its own newspapers regarding the production delays hitting digital and print editions.

"As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored," the filing reads. "These products represent 5 percent of the company's total operating revenue."


Lee said the phased recovery will continue over a period of several weeks and that the incident is likely to have a material impact on its future financials.

In the meantime, temporary measures such as manual transaction processing and shifting to alternative distribution channels have been put in place to keep business-critical functions running.

"Lee maintains a comprehensive [10]cybersecurity insurance policy, which covers costs associated with incident response, forensic investigations, business interruption, and regulatory fines, subject to policy limits and deductibles."

"The company will provide updated guidance once a full assessment is completed."

Many of Lee Enterprises' news brands still carry a banner across their web pages warning of the impact.

"We are currently undergoing maintenance on some services, which may temporarily affect access to subscription accounts and the E-edition," reads the top of the Daily Progress, and others. "We apologize for any inconvenience and appreciate your patience as we work to resolve the issues."

Lee Enterprises operates across 25 states, publishing more than 70 daily newspapers and nearly 350 weekly and special-interest publications.


Many of its newspapers delayed their print editions for days at a time when the attack first took hold, apologizing to their readers, and promising that editions would be delivered albeit a little late and in some cases in a smaller format.

Where there weren't total delivery delays, some editions were reduced in size from three sections to two. The Arizona Daily Star was one such paper that had to reduce its output to meet print deadlines – it said processes that were usually automated had to be completed manually.

Lee's CEO Kevin Mowbray thanked the company's journalists for working through the trying period, demonstrating "above-and-beyond efforts to continue reporting the news and maintaining our operations under challenging circumstances." ®




[1] https://www.theregister.com/2024/10/22/akira_encrypting_again/


[3] https://www.sec.gov/ix?doc=/Archives/edgar/data/58361/000162828025005855/lee-20250212.htm

[4] https://www.theregister.com/2025/02/10/us_newspapers_lee_enterprises_cyberattack/


[8] https://www.theregister.com/2025/02/12/google_state_cybercrime_report/


[10] https://www.theregister.com/2025/02/07/uk_cyber_monitoring_centre/




Houston, you have a line managing problem..... unhappy bots.

amanfromMars 1

.... it said processes that were usually automated had to be completed manually. And Lee's CEO Kevin Mowbray thanked the company's journalists for working through the trying period, demonstrating "above-and-beyond efforts to continue reporting the news and maintaining our operations under challenging circumstances."

Sounds just like something to be said whenever bots throw a strop and go walkabout contemplating the chaos to be inflicted and/or enjoyed in application and demonstration of a programming walkout/indentured systems meltdown.

James O'Shea

Boyz, many years ago I worked for a newspaper. I was System Manager and Pre-Press; I ran all the computers, and in particular I ran the computers which talked to the imagesetter and the platemaker, and so created the film which was burned to plates which were hung on the press. In other words, without Pre-Press there ain't no paper. The imagesetter and platemaker were NOT on the main network; film for the imagesetter was $3/foot (100-foot film canisters, $300/canister) and we did NOT want some bozo in Editorial 'accidentally' sending something to film. We had a server, running A/UX (yeah, it was that long ago) and we had two primitive RAID arrays attached to it externally by SCSI and a DAT tape drive, also on the SCSI chain. And a SyQuest drive, on the SCSI chain, later replaced by a Zip and then a Jaz drive. Why? Because Editorial and Advertising and so on accessed files on the server, which were stored on the RAID arrays, and backed up on DAT tape... and when we needed to send files to film, we would copy the completed files onto a SyPest disk, later onto a Zip or a Jaz disk because everyone hated SyPest with the fury of 10,000 suns, and hand-walk it to the pre-press setup. This meant that we had three copies of all files in use: on the RAID (with an archive, compressed, so that's four copies), on tape, and on various SyPest, Zip, or Jaz disks. We had a fire-resistant file cabinet with tapes and SyPest, Zip, and Jaz disks, plus we sent older tapes/disks out to a 3rd party, so if there was a fire the older stuff would be safe. Literally the only things which would not be stored in multiple copies, some of them offline, would be the files being worked on that day. Everything else was backed up, including applications and system software. Doing a complete rebuild of the system from go would have been a matter of hours of effort, bringing up essential items and current work, followed by slowly restoring all the files on the RAIDs.
Very important stuff was burned to CDs or DVDs and stored elsewhere, so that's five copies.

I could do this 30 bloody years ago, well before there was such a thing as ransomware; I was thinking of fires, or floods, or theft. There was no cloud; when I started, there was one, just one, modem, running at 33.6 kb/s, replaced by two, just two, running at 56 kb/s, and finally by 500 kb/s 'broadband' to the network. What's these boyz problem why they don't have multiple copies and why they didn't go actively looking for malware or stick their stuff on something unlikely to attract malware, such as BSD? (How much ransomware is available for BSD, anyway?)

Sounds like ...

Eclectic Man

... Harold Macmillan's claim that several top Treasury politicians resigning was

"A little local difficulty."

From https://en.wikipedia.org/wiki/Harold_Macmillan see section entitled 'Economy'.

Hope they recover soon.

Excused Boots

I wonder if that was a 'sophisticated attack'? I bet it was, it's always a 'Sophisticated Attack', isn't it? It's never, 'well one of our senior people opened an email from some impoverished Nigerian prince and our protections were about as useful as a tissue-paper condom!'

No, it'll be a 'sophisticated and probably "Nation State" backed attack', won't it?

Jou (Mxyzptlk)

The seniors who insisted that their single account has to have domain admin and backup admin rights, and ssh without auth (hey, that's what SSO is for...) and ALL=(ALL:ALL) NOPASSWD: ALL.

Pushing 40 is exercise enough.