Macmillan

Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack.

The attack reportedly occurred over the weekend, on Saturday, June 25th, with the company shutting down all of their IT systems to prevent the spread of the attack.

Publishers Weekly first reported on the incident, seeing emails from Macmillan that stated they suffered a “security incident, which involves the encryption of certain files on our network.” The use of encryption in the attack indicates that it was a ransomware attack.

Since then, Macmillan editors have been unusually transparent about the security incident, telling agents and clients that they are not being ignored, but have lost access to their systems, emails, and files.

Grace tweet

Megan tweet

While Publishers Weekly said that Macmillan field sales team was warning that the disruption could cause delay in book shipments, Macmillan has already begun bringing systems back online, with employees now able to access their email.

At this time, it is unclear what ransomware gang is behind the attack and if data was stolen.

However, ransomware affiliates commonly steal data before encrypting devices for use in double-extortion attacks, where they threaten victims they’ll publish the stolen data if a ransom is not paid.

If data was exfiltrated during the attack and a ransom is not paid, we will likely see a ransomware operation publishing the stolen files on their data leak site within a few weeks.

BleepingComputer has emailed Macmillan with questions about the attack but has not heard back.

Source: www.bleepingcomputer.com