Lee Enterprises, one of the largest newspaper groups in the United States, has confirmed a ransomware attack is responsible for significant disruptions to its operations. The attack, which began on February 3rd, 2025, caused a major systems outage impacting the distribution of its 77 daily newspapers and 350 weekly and specialty publications across 26 states. The ransomware attack affected a company with a daily circulation of over 1.2 million and digital reach to more than 44 million unique visitors.
Impact of the Lee Enterprises Ransomware Attack
The ransomware attack resulted in a widespread systems outage.
According to Lee Enterprises’ SEC filing, “Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files.”
This severely impacted various aspects of the company’s operations.
- Distribution: Print publication distribution experienced delays.
- Billing and Collections: These processes were severely hampered.
- Vendor Payments: Payments to vendors were also disrupted.
- Online Operations: Online operations were partially limited.
While core products resumed normal distribution by February 12th, weekly and ancillary products, representing 5% of the company’s total operating revenue, remained offline. Lee Enterprises anticipates a phased recovery over the coming weeks.
Technical Details and Internal Impact
The ransomware attack forced Lee Enterprises to shut down many of its networks. This resulted in widespread printing and delivery disruptions for dozens of newspapers. Reporters and editors were unable to access their files due to VPN connectivity issues. The company is currently investigating whether sensitive data or personally identifiable information (PII) was also compromised.
Previous Cyberattack and Ongoing Investigation
This is not the first cyberattack Lee Enterprises has faced. Five years ago, before the 2020 U.S. presidential election, Iranian hackers breached its network as part of a disinformation campaign. The current incident underscores the ongoing threat of ransomware attacks against major organizations. The ongoing investigation will determine the full extent of the breach and the specific ransomware variant used. The Australian National University’s expertise in cybersecurity could provide valuable insights into this type of attack.
Lee Enterprises’ Response
To maintain critical business functions, Lee Enterprises implemented temporary measures, including manual transaction processing and alternative distribution channels. The company’s response highlights the challenges organizations face when dealing with ransomware attacks and the need for robust cybersecurity measures.
