Guardian executives say ransomware was the cause of the debilitating cyberattack that shuttered its UK offices' this past December.
Guardian Media Group chief executive, Anna Bateson, and editor-in-chief, Katharine Viner described the incident as “a highly sophisticated ransomware attack involving unauthorized third-party access to parts of our network.”
An email was sent out to Guardian employees Wednesday. The attack, originally covered by the Cybernews team, was responsible for disrupting access to the newspapers internal corporate and financial systems, as well as Wi-Fi connections in most buildings.
The email also revealed a breach of personally identifiable information (PII) belonging to the UK staff, although according to executives, none of that information was known to have been leaked to the public.
“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation. These attacks have become more frequent and sophisticated in the past three years, against organizations of all sizes, and kinds, in all countries. We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely.”Anna Bateson, Guardian Media Group chief executive and Katharine Viner, editor-in-chief
PII is described as any category of sensitive data which could potentially expose a person’s identity. Examples of PII can include individual names, addresses, driver's license numbers and credit card numbers.
Bateson and Viner said any PII belonging to its readers, as well as US and Australian staffers, was not compromised.
External cybersecurity experts, hired by the company to help recover lost data and restore IT systems, believe the attack was triggered by a phishing attempt.
A successful phishing attack is often the result of a threat actor sending out a slew of fake emails to company staff. Once opened, the legitimate-looking email attempts to trick the user into opening a malicious attachment or link inside the email. This trigger allows the ransomware to silently infiltrate an organization’s network, steal, and encrypt its sensitive data.
The chief executives also announced its offices should be up and running by February. Guardian staff has been forced to work from home since the December 20th cyberattack.
No further information has been released about the individuals or groups thought to be responsible. It is not clear if a ransom demand was made to The Guardian or if any money was paid out.
More from Cybernews:
Subscribe to our newsletter