A ransomware attack on the Guardian has hobbled the London-based news-organization’s basic operations, shutting down everything from its office wifi to the tills in the staff canteen.
The Guardian described the attack that began on December 20 as a “serious incident which has affected our IT network and systems.” The paper closed its offices, telling staff to work remotely for several days around the Christmas holiday.
But in a memo to employees this week, chief executive Anna Bateson said that the company’s offices will remain closed until at least January 23. Two Guardian staffers told Semafor that a tiny skeleton crew continues to go into the London office.
“It’s been a total nightmare,” one Guardian employee said.
The staffer told Semafor that the print paper nearly did not come out on the first couple of days following the hack, and remains a heavy lift. The staffer said the paper had nearly missed its payroll. There also remains a concern among at least one staffer Semafor spoke with that some files that were in production were either lost or impacted by the breach.
In an additional memo on Wednesday, after this story was first published, Bateson said the company’s payroll system had returned to normal, but that UK pension payments were “slightly delayed” and will be paid later this month.
Guardian staffers who spoke to Semafor said there seemed to be a distinction between the systems that were working and those that continued to be shuttered. The paper’s email and digital publishing systems have operated normally.
But some of the more antiquated systems, including company expenses and some elements of print production, remain buggy. Columnist picture bylines have disappeared in print for the moment as the result of the hack, a blow for some of the egos of the paper’s opinion writers.
“We’re lucky that some of the systems don’t talk to each other,” a third Guardian employee said.
A spokesperson for the Guardian said a number of IT systems have been affected.
“The work to restore our systems fully is ongoing and will take some weeks. We have asked most staff to work from home for the next three weeks to allow our technical teams to focus on essential technical work,” the spokesperson said.
News organizations and journalists are regular targets of hackers and foreign agents attempting to gain access to information. Last year, News Corp revealed that hackers believed to be based in China sought to uncover emails between journalists and their sources. Hackers also targeted prominent White House correspondents in the days around January 6 in an apparent attempt to collect intelligence, and in 2021 hackers went after the UK-based website Middle East Eye, attempting to place malicious software infecting any user who visited the site.
The Guardian, which won a Pulitzer in 2014, for its reporting on Edward Snowden’s revelations about the U.S. National Security Agency, has long been considered a target for hackers, but reporting has suggested the motives for this attack may have merely been extortion via ransomware. One Guardian staffer told Semafor that the company has hinted privately that it doesn’t believe the hack is a political or specifically anti-Guardian act.
But the Guardian’s leadership has remained silent on the attackers’ motives, and has not mentioned to staff or shared publicly whether a ransom request was actually been made. According to the Telegraph, the Guardian has not reported the incident to the UK’s National Cyber Security Centre.
And newspapers are not exactly ideal ransomware targets: Most, like The Guardian, have thin margins, and aren’t exactly in a position to fork over millions of dollars on a whim.
In Wednesday’s memo to staff, Bateson acknowledged that the company had kept staff in the dark on key details.
“We are doing our best to give everyone as much information as we can, but the investigation is technically very complex and we do not want to inadvertently give out incorrect or incomplete information,” she said. “Please be assured we will be giving everyone regular updates.