Fraud Management & Cybercrime , Ransomware
Guardian Newspaper Offices Still Empty After December Attack
Employees Asked to Continue Work From Home Through Jan. 23 After Ransomware AttackBritain's The Guardian newspaper has asked the majority of its workforce to continue working from home until Jan. 23 as the organization continues to recover from the December ransomware attack on its networks.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
In an email sent on Monday, nearly two weeks after the attack, Guardian Media Group CEO Anna Bateson asked employees to continue to work from home to reduce demands on the organization's networks as it continues to restore affected systems. (see: Guardian Ransomware Attack May Presage Holiday Blitzkrieg).
The edict applies to employees at The Guardian's London headquarters, as well as staff in Australia and New York. Guardian Media Group is estimated to have a circulation of 105,000 and it is the seventh-most-read news site in the world.
The organization on Dec. 21 experienced a ransomware attack, in which hackers compromised the newspaper's IT infrastructure. Although the incident did not affect newspaper production or other operations, the organization asked employees to work from home as a precautionary measure.
"We have asked most staff to work from home for the next three weeks to allow our technical teams to focus on essential technical work," a spokesperson for The Guardian told Information Security Media Group on Wednesday. "The work to restore our systems fully is ongoing and will take some weeks."
Although details about the threat actors and ransom involved remain unclear, British cybersecurity expert Kevin Beaumont revealed in a Mastodon post that The Guardian attack appeared to have affected the publication's on-premises infrastructure.
"While The Guardian's cloud infrastructure remains online, he said, "it looks like the on-prem Windows infrastructure has bit the dust. The external network links are up, BGP looks fine, but they've taken the internal network offline entirely."