Is Ransomware responsible for the recent hit on Guardian?

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Dec 22, 2022 03:56 am PST

A leading international media outlet, Guardian, was recently attacked in what is suspected to be caused by Ransomware. This happening started late on Tuesday night and has damaged several components of the company’s technological infrastructure. As a result, some employees have been required to work from home, and there has been some disruption to the services that occur behind the scenes. Their online writings have, for the most part, remained unaffected by the recent events since new tales are still being produced and added to the renowned website and app. The business has expressed its conviction that it could publish the newspaper’s printed edition on Thursday.

However, top editors don’t have any information regarding the nature of the outage that occurred lately. Although it has yet to be discovered for certain if or not a demand for a ransom has been issued, it is common practice for hackers to wait several days before making a demand. Although at this stage, the company stated that it felt the event was likely to be a ransomware attack, cybercriminals have frequently targeted news organizations worldwide through computer network attacks. Hackers obtain access to a computer system and then demand that the system be repaired before restoring services.

Workers were Instructed to Work from Home following the Attack.

According to researchers, Guardian was the seventh most-read news website in November, with almost 390 million visitors. This hit had a substantial impact on the company’s IT infrastructure and caused the disruption of a number of behind-the-scenes functions. The vast majority of their workforce have now resorted to working from home, as they had been able to do during the epidemic back then. While a few exceptions still require their presence, the IT teams have been working to deal with all facets of this incident.

In a similar event, Fast Company was forced offline for eight days in September as a result of a cyberattack on the business publication. The hackers used Apple News to distribute inflammatory push notifications during the attack. Also, the dissatisfied employees allegedly posted inappropriate comments on the newspaper’s website and Twitter accounts in October, according to The New York Post.

Ransomware Attacks on News Outlets now becoming a Norm 

Ransomware is one most significant types of online crime that businesses must contend with in the modern era. It is a type of malicious software, sometimes known as malware, that encrypts files and documents of various sizes, ranging from a personal computer to an entire network, including servers.

The ransomware attack leaves victims with few options: they may either pay the criminals responsible for the attack to regain access to their encrypted network. Restore data from their backups or hope that a decryption key is publicly available. Or they begin their work from the very beginning. When the file is opened, it triggers the download of the malicious payload and encrypts the network. Some ransomware outbreaks begin when an employee within an organization clicks on an attachment that appears safe but dangerous.

How Best to Protect your Organization against Cyber Attacks

When it comes to defending your organization effectively, taking preventative action and having a strategy ready in the event of a security incident are both essential components. And most news organizations need to start taking precautionary measures to this effect.

Do you offer training in the awareness of security risks? It should help you in providing better insight into how best to tackle a problem. Also, the following should be noted for every organization’s staff and IT department. 

  • Make everyone constantly aware of their surroundings.
  • User training should be continual and go beyond the yearly requirements for compliance training.
  • Regular Security Awareness testing exercises should be carried out in order to monitor and control the behavior of users.
  • Is the management of your Network up to par?
  • Maintain your familiarity with the most recent developments in cybersecurity.
  • Carry out the necessary security and system upgrades, as well as patching.
  • Maintain a state of ‘alertness’ by ensuring that your network and system monitoring are always active.

This should serve as another reminder that attackers won’t take a holiday this Christmas season; ransomware will continue to strike, given its efficiency. If the attackers had access to an organization’s internal communications, they would probably use the threat of disclosing potentially embarrassing emails to demand a ransom payment. However, it is customary for attackers to hold off until the ideal time to reveal new holes they have found in the organizational infrastructure, particularly over the holidays when IT manpower may be constrained.


Several significant lessons can be drawn from this experience; Organizations must combine efficient data recovery tools with ransomware detection and recovery solutions. Organizations must have comprehensive incident response strategies in place in order to alert their clients, workers, business partners, and the media of potential breaches. And finally, to stop vulnerabilities from being exploited, routine technological audits need to happen more frequently than they did in the past.

Notify of
32 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
InfoSec Expert
January 16, 2023 12:13 pm

“The media have been increasingly targeted with ransomware over the past year but the sensitivity and the amount of data seen is likely to have been a lucky hit for the attackers. The highly personal data that was accessed in this attack is likely to have been used in follow on attacks on staff already and therefore employees will need to be on high alert for such attempts. The high quality information could be used to cleverly prove faux verification in follow on phishing communications to force victims to hand over log on details for email and bank accounts. Such information can then be sold or end up on the dark web for more cybercriminals which lengthens the problem. What we tend to see currently is if ransoms are not paid, there are still further ways in which criminals will attempt to make their attacks financially viable.”

Last edited 8 months ago by Jake Moore
Steve Bradford
Steve Bradford , Senior Vice President
InfoSec Expert
January 16, 2023 11:57 am

“No industry is untouchable when it comes to cybercrime. The Guardian newspaper is the latest organisation to fall victim to a ransomware attack, with staff’s salaries, bank details and passport numbers all being exposed. 

“Phishing attacks continue to be a gateway for deceiving people into handing over sensitive information. All it takes is for a malicious email to slip through and an unsuspecting employee to click on it, with cyber criminals increasingly using tactics that are far more personal and harder to spot. 

“Many of these attacks, at their root, come down to some type of compromised identity, with user access points often targeted. Organisations also have a vital role to play in not only increasing training and awareness for staff to spot suspicious and ‘out of the ordinary’ requests, but to also better safeguard their identities. To reduce the risk of attacks, leveraging AI-enabled identity security will be key, allowing organisations to see, understand and manage who has access to what, and why – this should be standard best practice for cyber security.”

Last edited 8 months ago by Steve Bradford
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
January 16, 2023 11:55 am

“The theft of Guardian UK employees’ names, address, SIN numbers, government identity documents, and salary details puts those employees at risk of further attacks in the future. That information could be used for identity theft, tax fraud, and other scams. It could also allow bad actors to target and retaliate against Guardian staff who publish something they don’t agree with. Thus far, the stolen data has not surfaced publicly, and hopefully it never does.”

Last edited 8 months ago by Paul Bischoff
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
January 16, 2023 11:54 am

“Any organisation can be targeted for cyberattacks like this. The Guardian and other companies need to realise the importance of educating employees and executives about the dangers of these attacks, as well as how to recognise, avoid, and report such phishing schemes. In addition, organisations need to make sure they have recent, offline backups, allowing them to quickly restore their systems in case of attacks. They also need to ensure that their systems are updated to plug security holes that allow the bad guys to perform these attacks.”

Last edited 8 months ago by Chris Hauk
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Leader
January 12, 2023 2:40 pm

“Ransomware can have an impact on any type of organisation, regardless of size. In this particular case it appears that phishing was the root cause, making it even more important for organisations to cultivate a culture of security so that their staff are less likely to fall victim to these kinds of attacks. The impact that this attack could have on staff can be huge and may have long-lasting implications.”

Last edited 8 months ago by Javvad Malik

Recent Posts

Would love your thoughts, please comment.x