BIGFISH TECHNOLOGY LIMITED
04 March 2025

Lee Enterprises Probes Ransomware Attack and Data Breach Threat
The newspaper chain already stated that the attack will have a significant impact on its financial situation.

Lee Enterprises said it is investigating a claim by the Qilin ransomware group that it carried out a major intrusion into the newspaper chain's network in early February.

According to SentinelOne researchers, the group claims to have stolen 350 GB of data during an attack in early February. The group threatened to begin publishing the data on March 5; the amount of the ransom demand has not been disclosed.

"We are aware of the claims and are currently investigating them," a Lee Enterprises spokeswoman stated via email.

Lee Enterprises previously disclosed in a regulatory filing that attackers encrypted critical applications and exfiltrated data in an attack on February 3. The company warned that the attack is likely to have a significant impact on its financial performance and operations.

The attack disrupted print delivery, billing, payments, and other parts of the publishing business. The company operates in 72 markets across 25 states and publishes major regional newspapers including the Omaha World-Herald, the St. Louis Post-Dispatch, and The Buffalo News.

After the incident, the company had to process transactions manually.

According to Jim Walter, a security researcher at SentinelOne, Qilin emerged in 2022 as a rebrand of the Agenda ransomware operation. The group's leak site lists about 60 purported victims.

The group's preferred means of initial access are stolen or otherwise compromised credentials and spearphishing.

According to Walter, Qilin maintains payloads for both Windows and Linux, and it also regularly targets virtualized environments, including VMware ESXi hosts.

According to Darktrace researchers, the Lee Enterprises attack is consistent with Qilin's double extortion tactic: the actors first exfiltrate sensitive data and then encrypt the victim's systems, creating two separate pressure points for payment, the threat of leaking the stolen data and the need to recover the encrypted systems.

"What makes Qilin stand out isn't necessarily technical sophistication, but their patient, methodical approach," said Toby Lewis, head of threat analysis at Darktrace, via email. "They conduct extensive reconnaissance, disguise their communications with encryption certificates to appear legitimate, and carefully choose exactly what to steal before launching the final attack."


Source: Cybersecurity Drive