Guardian newspaper hit by ransomware – probably

Ransomware "believed" to have hit leading UK newspaper and website.
21 December 2022

Events are still cloudy at the Guardian, but it “believes” it has been hit by ransomware.


One of the UK’s leading newspapers has been hit by a suspected ransomware attack.

The Guardian is intellectual and left-wing in its editorial slant, though it’s as yet unclear whether that has anything to do with its apparent targeting. It’s significantly more likely to have to do with its ability to pay a potential ransom – particularly as the attack appears to have been carefully aimed at the IT systems that serve its “behind the scenes” services, rather than either its ability to print its daily newspaper, or post to its website.

That website is currently one of the most visited news sites in the world.

A statement on behalf of the newspaper said it was confident that the paper and the website would continue to be printed and updated, given the non-critical systems that appear to have been hit. Nevertheless, as a precaution, the Guardian has sent all its staff home to work remotely, as they did during Covid lockdowns.

The statement added that it was believed that the attack was a ransomware event, but that all possibilities were still being considered. That suggests that no actual ransom has yet been demanded. It also suggests there may be ongoing security work to segment the systems that have been affected, and prevent the attack from spreading horizontally to more vital systems, which if attacked would undoubtedly warrant a higher ransom demand.

How much is the Guardian worth?

Taking down the Guardian’s website – currently the ninth most-read news site in the world according to the impartial Press Gazette – would be a major coup, as the paper has a history going back to 1821, and it remains one of the few left-leaning and liberal daily newspapers in the UK. It’s also currently the UK’s “Newspaper of the Year” – so locking away its website, which racked up almost 390 million visits in November, 2022 alone, could cause havoc for the Guardian Media Group, and force it to consider paying whatever ransom was demanded. The Guardian Media Group last year posted total revenues of £255.8 million.

Ransomware has been the MVP in the cybercriminals’ arsenal in 2022, and all the indications are that it will continue to be the single biggest threat across 2023 as well, with smaller cybercrime players amalgamating into larger gangs with more reach and greater ease of effect. While indications are that ransomware will become a much more significant threat for smaller businesses in 2023, nothing especially suggests that bigger targets like the Guardian will be any safer because of that intensification of effort on smaller, more numerous and more regular paydays.

While specifics of the Guardian ransomware attack – even down to the question of whether it is a ransomware attack – remain sketchy as yet, if the newspaper group gets away with only its behind the scenes services affected, it will undoubtedly think itself lucky, and redouble its efforts to secure its critical operating systems to avoid any repetition of the heart attack its senior staff are probably having right about now as the potential consequences of a catastrophic ransomware attack sink in.

Cyberinsurance posture hardening in 2023?

There have been murmurs on the cyberinsurance market in London in the last quarter that cyberinsurance policies are set to become much more stringent in 2023, and even that some major insurers may take the opportunity of policy renewals to reflect the rising ransomware threat floor by carving ransomware protection specifically out of policies from next year on. That would leave companies of all shapes and sizes to implement significantly stronger cybersecurity policies if they wanted to continue to operate to a satisfactory safety standard.

2023 is also tipped to be the year when cybersecurity stops being mostly a technology team’s problem and becomes something to be tackled at board level, when CISOs will need to commit to investment and C-Suite learning about how to keep their companies, their shareholders, and their supply chains safe from the threat of cyberattack.

In that sense, whether the Guardian turns out to have been the victim of a ransomware attack or not, and whether the full extent of the attack remains in its behind the scenes system or evolves into something more spectacularly damaging, it may have an unintended upside.

The Guardian is a big enough name in the UK to rattle board members across several tiers of the British economy, and act as an example. “If today they can hit the Guardian, when are they coming for us?” will be a question boards will be asking as further details of the presumed attack unfold.

Low-hanging fruit.

The UK is particularly vulnerable to cyberattack right now – and ransomware, especially. Firstly, the country is in economic turmoil, with a cost of living crisis and conditions only predicted to get worse for the next two years. Workers in critical infrastructure, from postal workers to border force staff, to nurses and paramedics in the country’s chronically underfunded National Health Service, rail workers, highway workers, bus drivers and more are all on strike this month – some of them for the first time in history.

That all speaks of an economy in which companies will be eager to pay ransoms if they can, because the whole system is already under extreme stress, and paying might be the only way for companies to survive to see next year.

In addition to which, a survey by security specialists Proofpoint back in February, 2022 showed that a full 82% of British businesses that had been hit by ransomware in 2021 had chosen to pay the ransom, compared to a global average of just 58%. It also revealed that three-quarters of all British businesses had been hit by at least one cyberattack last year.

Will the Guardian be able to brush off this potential attack? Providing it gets no worse in the next week, absolutely. But it might well act as the wake-up call British companies need to get serious about cybersecurity.