back to article The Guardian ransomware attack hits week two as staff told to work from home

Long-standing British newspaper The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas. The publication broke the news about the "serious IT incident" on its systems on December 21, and said the …

  1. Lil Endian Silver badge


    "We have been able to keep publishing our journalism..."

    ..and all of your clients' email services are restored, along with legacy data? Oh! Wait, you don't do that! Could you spare some time for a little outfit in San Antonio? I'm sure they have the space, and you could rack up some column inches too!

  2. Anonymous South African Coward

    All cryptomalware authors need to be repatriated to Mos Eisley permanently.

    1. JimboSmith Silver badge

      It was probably the Russians in retaliation for outing Sergei Roldugin the Cellist who holds and looks after Putin’s embezzled money for him. Or the two largest Five Eyes countries for the Snowden leaks etc. They do seem to have made quite a few enemies with their fearless and often misspelled investigative reporting.

    2. NoneSuch Silver badge

      Mos Eisley is fictional. Rockall is real and needs a base population.

      Joke icon. Not joking.

  3. Anonymous Coward
    Anonymous Coward

    If they don't pay up

    the boys will send their Anglegrinders around again.

  4. tip pc Silver badge

    Anyone notice?

    So the guardian are enduring a cyberattack but on the outside it’s business as usual.

    For a tech rag we should be seeing detail on how they’ve done that.

    I assume they are cloud heavy, but what about all that confidential whistleblowing documentation they hopefully have securely stored?

    Is that data safe?

    Are whistle blowers past and future safe against hackers or nation states who want to reveal their identities?

    1. Korev Silver badge

      Re: Anyone notice?

      Good point, it'd be really good to see what they did so we can all learn from it.

    2. druck Silver badge

      Re: Anyone notice?

      The rasomware only affected their spill chucker, so no one noticed.

  5. Korev Silver badge

    A Virtual Pint for the Guardian's techies who probably need several after what must be a hellish time

  6. Huw L-D

    The Grauniad ramsonwear attack, surely?

  7. andy gibson

    Glad its not affected output as I rely on them for quality articles like this

    'Upward-thrusting buildings ejaculating into the sky' – do cities have to be so sexist?"

    1. Lon24 Silver badge

      Yep, a little more rousing than The Sun page 3 these days ...

    2. captain veg Silver badge

      So you had to go back two and a half years and into the obscure "art and design" section for a piece by a non-staff non-journalist to find something to fit your prejudices? Pretty desperate.

      By the standards of these things the Graun is one of the better general news sources, but far from perfect. See this for a recent example of stick-extremity confusion:


  8. FlamingDeath Silver badge

    What was the attack vector?

    I am going to assume email phishing because that seems to be the most popular. Most email clients fail at showing the from address and instead just show display name, this has always bothered me.

    Masquerading as an existing employee is relatively simple, because people just see the display name.

    The “this email is external source” pre header warning some companies might deploy isn’t something that happens automatically, someone has to set that up.

    1. Anonymous Coward
      Anonymous Coward

      Re: What was the attack vector?

      We go one further than that, and match the from message headers 'Display Name' to the display name of any internal 365 recipient with an even bigger, red shouty banner.

      If you manage to ignore that, then it should be a P45 generating event.

  9. G_Man

    Ich bin ein Berliner

    Just a quick bit of pedantry: The Grauniad was in the Berliner format, not broadsheet, prior to going tabloid.

    1. Excellentsword (Written by Reg staff)

      Re: Ich bin ein Berliner

      Very pedantic. The Guardian is still very much a broadsheet in how it presents news and writes it.

    2. TimMaher Silver badge

      Re: Ich bin ein Berliner

      Does that mean that you are a doughnut?

      1. TeeCee Gold badge

        Re: Ich bin ein Berliner

        Actually a Berliner is a cream bun. Looks a bit like a doughnut, but it isn't one.

  10. TimMaher Silver badge

    Yes, but what is really frightening is...

    ... Geordie Greig has joined the Independent.

  11. Twanky Silver badge

    Quis custodiet ipsos custodes?

    OK. Who's job was it to guard the Guardian?

    Yes, yes, rather more than fashionably late to the party.

    "We have been able to keep publishing our journalism digitally and in print, but a number of key IT systems have been affected."

    So the finance (sub-)system is down? What else should a newspaper* need?

    *showing my age here.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like