Ransomware Attack Shutters Production at Philadelphia Inquirer

Date:

May 15, 2023

World map

The Philadelphia Inquirer reports the publisher has experienced what is being described as the “most significant disruption to its operations in 27 years.”  

The organization said the disruption, suspected to have been caused by a ransomware attack, was as serious as that experienced during a massive blizzard back in January of 1996.

“The company was working to restore print operations after a cyber incursion that prevented the printing of the newspaper's Sunday print edition, the Inquirer reported on its website,” ABC News reports.

“The news operation's website was still operational Sunday, although updates were slower than normal, the Inquirer reported.”

Takeaway: "Ransomware operators are, for the most part, driven by financial incentives," Jon Miller, CEO and co-founder of Halcyon, told The Register.

"They continue to go after both high-value targets that have the means to pay high ransom demands, as well as industries that traditionally have understaffed and underfunded security operations that cannot adequately defend against these more complex, multi-stage attacks, eg media outlets," Miller added.

“Most local media, like The Philadelphia Inquirer, probably fall in that category; they’re underfunded, understaffed, overworked, and subsequently, very vulnerable,” Miller told InformationWeek.

“A determined attacker with enough time and resources is going to find a way around security controls. Planning to be resilient in the aftermath of a successful ransomware attack is the best advice there is,” Miller continued.

When disruptions from ransomware attacks reach a level that puts them on par with significant natural disasters, we know we have a major problem here. The fact that the attack comes just ahead of the Philadelphia Democratic mayoral primary and will impact coverage of this very significant race is also of concern.

A disruptive ransomware attack creates enough issues for victim organizations, and a timely response is of the utmost importance. Currently, the Inquirer staff are unable to use their offices due to systems being down, and the company is scrambling to find coworking space.  

They also reported that staff will not be able to use the newsroom on election night. Contingencies for these kinds of disruption need to already be in place and stress tested before a successful ransomware attack occurs.  

Organizations need to plan for failure, and assume the worst in preparing for any crisis, cyberattacks included. Resilience planning for when controls fail to protect the organization is just as important as prevention planning.

While many organizations have stepped up efforts to prepare for a ransomware attack by implementing controls like anti-ransomware and endpoint protection solutions, most organizations have not done the hard work of actually preparing for a ransomware attack to be successful.

In addition to prevention capabilities, organizations need to hold regular tabletop exercises where they can stress test their incident response plans and develop contingencies to account for disruptions to systems and critical services.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.