UPDATED 18:52 EST / JANUARY 11 2023

SECURITY

The Guardian confirms December cyberattack involved ransomware

Guardian News & Media Ltd., the publisher of the U.K. newspaper The Guardian, today confirmed that a cyberattack that disrupted its internal services in December was a ransomware attack.

In an email sent to staff today, the attack was described as a “highly sophisticated cyber-attack involving unauthorized third-party access to parts of our network.” The attack vector is believed most likely to have been a successful phishing email.

Personal data of U.K. staff members is said to have been accessed during the incident. Reader and subscriber data, along with information relating to Guardian staff in the U.S. and Australia, is not believed to have been accessed.

No evidence has been found of the data being shared online, with employees told that the risk of fraud is therefore considered low. The email did warn, though, that “there is the potential for these types of data to be combined and used for identity fraud.” Affected staff are being offered free support against identity theft from Experian plc.

“We believe this was a criminal ransomware attack and not the specific targeting of the Guardian as a media organization,” the email read. “These attacks have become more frequent and sophisticated in the past three years, against organizations of all sizes, and kinds, in all countries.”

The attack, which occurred in the week before Christmas, did not affect the online publishing of The Guardian but resulted in a disruption to behind-the-scenes services. Employees were also told to work from home while the attack was being dealt with.

Three weeks on, Guardian staff are still working from home, and a return to the newspaper’s office has been postponed until early February. The Guardian expects some critical systems to be back up and running “within the next two weeks.”

“This is a lesson that no matter the industry you are in, you are a target for ransomware,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “The initial infection vector here, email phishing, is one of the most common and successful attack types when it comes to ransomware.”

Kron added that organizations should ensure they have good, tested and offline backups, and should ensure they’re educating their staff on how to identify and report phishing emails. “In addition, data loss prevention controls are critical as bad actors often steal data and use the threat of releasing it publicly to extort victims,” he said.

