Lee Enterprises Confirms Ransomware Attack on Newspaper Network

Lee Enterprises, a major American media company, has confirmed that it was the victim of a ransomware attack that disrupted operations across dozens of local newspapers. The company owns 350 weekly and specialty publications across 25 states, and at least 75 newspapers were affected, according to the Press Freedom Tracker.

Initially, when Lee notified the U.S. Securities and Exchange Commission (SEC) about the incident, it described the attack as a "cyber incident" that caused a technology outage on February 3, 2025. The company has now provided an update, revealing that cybercriminals gained access to its network, encrypted critical applications, and exfiltrated certain files—a pattern consistent with ransomware attacks.

Extent of the Disruptions

Lee Enterprises reported that the cyberattack impacted several key areas, including:

• Distribution of print publications, leading to delays.

• Online operations, which were partially restricted.

• Subscription accounts, affecting customer access and payments.

• Internal business processes, such as billing, collections, and vendor payments.

Although the core print and digital products have resumed normal operations as of February 12, 2025, the company noted that weekly and ancillary products are still disrupted. These products account for 5% of the company's total operating revenue, and a full recovery is expected to take several weeks.

Forensic Analysis and Data Breach Investigation

Lee Enterprises is conducting a forensic investigation to determine whether any personal or sensitive data was compromised in the attack. While the full extent of the breach remains unclear, ransomware gangs often exfiltrate data before encrypting networks in an effort to pressure victims into paying a ransom.

The company has not disclosed whether it has paid or is considering paying a ransom, but it did highlight that it maintains a comprehensive cybersecurity insurance policy. This insurance covers:

• Incident response costs

• Forensic investigations

• Business interruption losses

• Regulatory fines (subject to policy limits and deductibles)

Potential Financial Impact

Lee Enterprises expects the attack to have a material financial impact, but the full extent of the financial losses is still being assessed. Ransomware attacks often result in:

• Direct financial losses due to operational downtime.

• Costs associated with restoring systems and data recovery.

• Potential legal and regulatory penalties if sensitive customer or employee data was leaked.

Broader Implications for the Media Industry

Ransomware attacks on media organizations pose a serious threat to press freedom, as they can disrupt the flow of news and information to the public. In recent years, cybercriminals have increasingly targeted news organizations, broadcasters, and publishing companies due to their reliance on time-sensitive operations.

How Organizations Can Protect Against Ransomware

To mitigate the risk of ransomware attacks, media companies and businesses in other industries should adopt strong cybersecurity measures, including:

1. Implementing Multi-Factor Authentication (MFA) – Protects access to critical accounts and prevents unauthorized logins.

2. Regularly Backing Up Data – Ensures that encrypted files can be restored without paying a ransom.

3. Keeping Software and Systems Updated – Patching vulnerabilities prevents cybercriminals from exploiting outdated systems.

4. Conducting Security Awareness Training – Employees should be educated on how to recognize phishing attempts and suspicious links.

5. Implementing Network Segmentation – Limits the spread of ransomware across critical infrastructure.

Conclusion

The ransomware attack on Lee Enterprises underscores the growing cybersecurity threats facing media companies. With operations returning to normal, the company's forensic analysis will determine the full scope of the breach, while ongoing security improvements will be necessary to prevent future attacks. Meanwhile, this incident serves as a critical reminder for organizations to bolster their cybersecurity defenses against evolving ransomware threats.