Qilin Ransomware Gang Claims Responsibility for Lee Enterprises Attack
The Qilin ransomware group has taken credit for the recent cyberattack on Lee Enterprises, a leading American media company that publishes over 79 newspapers in 25 states. The attack resulted in the theft of sensitive data, including financial records, journalist payments, and insider news tactics.
Lee Enterprises reported to the SEC (Securities and Exchange Commission) that a February 3 cyberattack led to unauthorized access, exfiltration of files, and encryption of critical applications. As a result, at least 79 newspapers faced publication disruptions, subscriber access issues, and disabled newsroom phones. Some sites displayed maintenance notices after the attack.
After discovering the breach, Lee Enterprises activated its incident response team, comprising internal personnel and external cybersecurity experts retained to assist in addressing the incident. The company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised.
Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files. No conclusive evidence has been identified yet, and the investigation remains ongoing.
Qilin Ransomware Group Claims Responsibility
The gang threatens to leak the stolen data on March 5, revealing noteworthy details about Lee Enterprises, such as investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information.
“All data will be published on March 5, 2025. We are preparing to share sensitive data with the public that could shed new light on Lee Enterprises, a prominent newspaper publishing firm active across all U.S. states,” reads the message published by Qilin on its leak site.
About Qilin Ransomware Group
The Qilin ransomware group is a Russian-speaking cybercrime group that has operated a Ransomware-as-a-Service (RaaS) model since 2022. Its ransomware was initially written in Go but transitioned to Rust in December 2022, enhancing its capabilities.
Qilin has targeted various sectors, including healthcare. Notably, in June 2024, an attack on the UK-based medical laboratory company Synnovis significantly disrupted operations across London hospitals.
The Qilin ransomware group is known for its sophisticated tactics and ability to adapt to new technologies. Their involvement in high-profile attacks like the Lee Enterprises cyberattack highlights their growing threat profile.