Guardian employees asked to work from home after suspected ransomware attack

The business said its online publishing was 'largely unaffected'

Guardian Media Group reported on Wednesday that it had been hit by a serious IT issue, which was thought to be the result of a ransomware attack.

The company's IT infrastructure was significantly impacted by the attack, which started on Tuesday, with several Several behind-the-scenes services being disrupted as a result of the incident.

The business said its online publishing was 'largely unaffected' and that it was 'confident' of printing the physical paper on Thursday. Online publishing does appear to be working normally.

"We believe this to be a ransomware attack but are continuing to consider all possibilities," editor-in-chief Katharine Viner and Guardian Media Group CEO Anna Bateson told employees in a note.

"Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic," they added.

"With a few key exceptions, we would like everyone to work from home for the remainder of the week unless we notify you otherwise."

With approximately 390 million visitors in November, The Guardian was the ninth most-read news website, according to the Press Gazette.

It is unclear how the systems of The Guardian were breached, if any data was stolen, or whether a ransom demand was made.

No ransomware group has claimed responsibility for the attack.

Ransomware is a kind of malicious software that may be used by hackers to acquire access to the target computer systems. After gaining initial access, the attackers look for important or sensitive data, encrypt the data, and then demand a ransom in order for the files to be unlocked.

There have been several cases of hackers infiltrating media companies' internal networks in recent months.

In September, a cyberattack on the business publication Fast Company resulted in the publication being taken down for a period of eight days. During the attack, the hackers also sent offensive push notifications via Apple News.

In October, The New York Post said that a disgruntled worker had taken control of the newspaper's website and its Twitter accounts and used them to post offensive content.

Commenting on The Guardian security incident, Jasson Casey, Chief Technology Officer at Beyond Identity, said: "This incident is another reminder that attackers won't take a break this Christmas season, ransomware will continue apace given its effectiveness. If the attackers gained access to internal communications they will likely try to ensure a ransom payment with the threat of leaking potentially embarrassing emails."

Neil Jones, Director of Cybersecurity at Egnyte, noted: "Although details of the attack are still emerging, the online publication fortunately appears to have been unaffected. However, it is not uncommon for attackers to wait for just the right moment to reveal further weaknesses they've exposed in organisational infrastructure, especially during the holidays when IT staffing can be limited."

"There are several key lessons that can be learned from this incident: 1) Organisations need to combine ransomware detection and recovery solutions with effective data recovery programs. 2) Companies need to have incident response plans in place, to effectively notify their customers, employees, business partners and the news media of potential breaches. 3) During these dynamic times, routine technological audits need to occur on a more frequent basis than they did before to prevent vulnerabilities from being exploited."