German Newspapers Targeted by Ransomware Attack
Halted Distribution for Multiple Newspapers as Law Enforcement Agencies Investigate.
German newspaper Heilbronner Stimme is part of an ongoing cyberattack, after having all its systems encrypted by unknown threat actors, on October 14th. The publication`s printing systems are still compromised, while phone and email communication only remained offline during the weekend.
Editor-in-chief Uwe Ralf Heer claims the attack impacted the entire Stimme Mediengruppe, which includes the companies Pressedruck, Echo, and RegioMail. Echo, which circulates 254,000 copies, was also affected by the ransomware attack, and there were issues accessing its e-paper on the website. The online news portal Echo24.de, however, continues to be operational.
Heer also states that the attack encrypted their systems on Friday night and left ransom notes behind, but no specific ransom demands have been made. A crisis team has been set up, and cyber experts are investigating the events. The police and also the Ministry of the Interior are involved in the investigation.
We are currently doing everything we can to be able to produce and deliver a newspaper in the usual quality as quickly as possible.
Marc Becker, Managing Director at Stimme Mediengruppe
According to BleepingComputer, Heilbronner Stimme has a circulation of about 75,000 copies, but due to printing issues has temporarily lifted the paywall from its website, which counts approximately 2 million visitors per month.
What Happens Next
For the time being, all journalists and other staff members have been urged to work from home. Temporary email addresses were assigned and most communication takes place on the WhatsApp platform.
Because the media group is also a distributor, it is reported that the circulation of other popular newspapers like Süddeutsche Zeitung and Stuttgarter Zeitung in the district of Heilbronn will stop until further notice.
It is yet unclear if the company will proceed to pay the ransom in the event such demand will become known, nor is there any information related to the identity of the threat actor group responsible for the attack.