British news organisation The Guardian was hit by a ransomware attack on Tuesday night. The company has since shut down some of its IT infrastructure, and while online publishing remains unaffected, the disruption might impact its print newspaper on Thursday.
WiFi access at the company’s headquarters was disrupted, in addition to shared computer systems used at the company. Security researcher Kevin Beaumont claimed on Mastodon that both of The Guardian’s data centres are offline — possible causes being either a compromise or a failure at their network provider’s end.
Beaumont added that the “outage looks pretty bad”, with on-premises systems, VPNs and FTP servers, among other IT infrastructure, offline. While their cloud infrastructure is still online, the in-office Windows infrastructure seems to have bitten the dust.
Additionally, while their external links are still working and BGP seems to be working fine, the internal network is offline, suggesting a likely security compromise.
The Telegraph reports that even senior editors at the company are in the dark about the nature of the outage, but most of the company’s internal systems are still functional. Journalists can publish stories online and access email as well. The incident has not been reported to the National Cyber Security Centre.
Currently, The Guardian has not shared any information about the attack itself or a possible ransom demand. Except for a few key people, the rest of the staff has been asked to work from home for the rest of the week with no word on when its systems will be fully restored.
According to The Guardian Media Group Chief Executive Anna Bateson and Editor-in-Chief Katharine Viner, “there has been a serious incident which has affected our IT network and systems in the last 24 hours. We believe this to be a ransomware attack but are continuing to consider all possibilities”.