A ransomware gang has taken credit for the recent attack on Lee Enterprises, which caused disruptions at dozens of local newspapers.
The cyberattack came to light in early February, when the American media company, which owns roughly 350 weekly and specialty publications across 25 states, revealed that the incident had impacted business applications and resulted in operational disruptions.
The attack reportedly impacted at least 75 newspapers across the US, including the distribution of print publications and online operations.
The company later clarified that the attackers encrypted files and exfiltrated information from its systems, which indicated that it had been targeted in a ransomware attack.
On February 27, the Qilin ransomware group announced that it was behind the attack on Lee Enterprises in a post on its Tor-based leak website. This indicates that Lee Enterprises has refused to pay a ransom or negotiations have stalled.
The hackers claimed to have obtained 350 Gb of files from Lee Enterprises systems, including “investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information”.
The cybercriminals are threatening to leak the stolen data on March 5 unless a ransom is paid. To demonstrate their claims, they have published samples of the stolen data, including screenshots of passport and driver’s license scans, corporate documents, and spreadsheets.

Qilin is a Russia-linked ransomware-as-a-service that appears to have been around since October 2022. It has targeted a wide range of organizations, including London hospitals, which were forced to cancel operations and appointments due to the attack.
Qilin has to date published the names of roughly 300 victims on its leak website. The actual number of targeted organizations is likely significantly higher considering that many victims decide to pay a ransom — only those that refuse to pay up are named on leak sites.
Related: Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades
Related: Media Giant News Corp Discloses New Details of Data Breach
Related: New York Times Responds to Source Code Leak