One of the largest newspaper groups in the US- Lee Enterprises, faced the brunt of a cyberattack recently. The newspaper giant, which has readership across 72 markets in 25 states, reported the unfortunate incident of a cyberattack on February 7, 2025. The attack forced the media conglomerate to temporarily bring down its IT infrastructure offline.
Some of the major newspapers in this public publishing house include Omaha World-Herald, The Buffalo News, and Richmond Times Dispatch. Apart from these, Lee Enterprises also runs special publications and online services. In the last quarter itself, this media giant reported a revenue of $145 million.
The details of the attack!
The investigation is going on. As of now, the details of the attackers and the type of cyberattack have not yet been determined. But the attack was severe, and that’s exactly why Lee Enterprises had to experience disruption in newspaper printing and distribution. The spokesperson of Lee Enterprise has been tightlipped and is in no mood to divulge any insider details.
They have mentioned that such investigations require lots of time, energy, and patience. So, they have urged all the stakeholders to stay calm and wait until the investigation is over.
Meanwhile, Erich Kron, Knowbe4’s security awareness advocate, has shared an emailed statement that clearly mentions that the cyberattack on Lee Enterprises is more likely to be a ransomware attack. He believes that ransomware groups are increasingly attacking sensitive and critical infrastructures over the last decade. They do so to create a sense of panic and fear among common people.
Lee Enterprises has filed a 10-Q form with the SEC or the US Securities and Exchange Commission, where it mentioned that the media giant had suffered a significant data breach that had impacted its daily business operations.
There was a technology outage on February 3, 2025, because of the threat attack. This cyberattack led to temporary operational disruptions. However, no Lee Enterprises claims that there has not been ‘any impact that is material’ so far.
Lee CEO Kevin Mowbay has stated that they are working to ‘fully restore our systems.’ There has not been any clarity around whether or not Lee Enterprises had a negotiation or conversation with the threat actors.
St Louis Post Dispatch, one of the newspapers in this publication house, acknowledged the fact that the cyberattack had impacted the publication. Although Dispatch managed to publish the newspaper daily, the aftermath of the attack was quite evident, as most of the newspapers were smaller on different days after the cyber incident.
Casper Star Tribune, another newspaper in Wyoming, acknowledged that the threat attack has affected the regular printing of the pages, leading to difficulties in the publishing process. They expect a temporary reduction in subscription accounts because of this sudden disruption.
An insider at Lee Enterprises revealed that because of the cyberattack on the publication house, some of the systems, like the call center application, a few of the helpline numbers, single sign-on systems for seamless access, and VPN for remote team members got affected.
Another shocking fact is that this is not the first cyberattacking incident on Lee Enterprise. The first attack took place in 2021 when a couple of Iranian hackers attacked the content management system of the publication house. The attackers were trying to create a sense of panic by spreading rumors and misinformation about this threatening event.
Targeting media houses across the globe is gradually becoming a new normal!
Threat actors around the world are increasingly focusing on media organizations as they have found them to be lucrative targets. This sector relies heavily on digital technologies and data. That’s exactly what makes it one of the best targets for cybercriminals.
The first such instance of a cyberattack on a publishing house took place back in December 2022. The Guardian, a popular UK newspaper, experienced a ransomware attack. The day-to-day operations were severely affected. Also, the attackers wiped off the personal data of the employees at The Guardian.
Something similar happened with the New York Times as well. In June 2024, a cyber incident took place which exposed the personal data of some of the freelance visual contributors at the New York Times. The personal data included sensitive details such as the victims’ mailing addresses, nationality, phone numbers, social security numbers, etc.
Radio Geretsried, a German radio station, was also targeted by threat actors back in September 2024. The hackers allegedly had encrypted all the music files. So, the radio station was forced to broadcast music by leveraging emergency backups.
In June 2024, Kadokawa, a renowned Japanese media company known for its video games, manga, and anime, fell victim to a ransomware attack orchestrated by the BlackSuit gang. This cyberattack significantly disrupted Kadokawa’s daily business operations.
The incident highlights the growing need for robust cybersecurity measures, including phishing protection, as phishing remains a common entry point for ransomware attacks. Implementing advanced email security solutions, employee awareness training, and multi-factor authentication can help organizations defend against such threats.