CyberSecurityBoard
Sponsor Register Login

Qilin ransomware claims attack at Lee Enterprises, leaks stolen data

Today, Qilin ransomware added Lee Enterprises to its dark web extortion site, sharing samples of the allegedly stolen data, including government ID scans, non-disclosure agreements, financial spreadsheets, contracts/agreements, and other confidential documents allegedly stolen from the firm. The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. In terms of its technical evolution, Qilin introduced a Linux (VMware ESXi) variant in December 2023, started deploying a custom Chrome credentials stealer in August 2024, and introduced a Rust-based data locker with stronger encryption and better evasion last October. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The threat actors have now threatened to leak all the allegedly stolen data on March 5, 2025, unless a ransom demand is paid. The ransomware actors claimed to have stolen 120,000 files totaling 350GB in size and threatened to release it all on March 5. BleepingComputer contacted Lee Enterprises to learn if the stolen data belonged to them, but a comment wasn't immediately available. A week later, Lee Enterprises submitted a new filing with the SEC that specified that the hackers "encrypted critical applications and exfiltrated certain files," indicating they got hit by ransomware. Last year, Microsoft published a report stating that the notorious members of the 'Scattered Spider' hacker collective had begun to use Qilin ransomware in attacks. Lee Enterprises is a US-based media company that owns and operates over 77 daily newspapers, 350 publications, digital media platforms, and marketing services. In a filing with the U.S. Securities and Exchange Commission (SEC) earlier this month, the company disclosed that it had suffered a cyberattack on February 3, 2025, causing significant operational disruptions.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 28 Feb 2025 18:25:09 +0000


Cyber News related to Qilin ransomware claims attack at Lee Enterprises, leaks stolen data

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
5 days ago Cybersecuritynews.com
Qilin ransomware claims attack at Lee Enterprises, leaks stolen data - Today, Qilin ransomware added Lee Enterprises to its dark web extortion site, sharing samples of the allegedly stolen data, including government ID scans, non-disclosure agreements, financial spreadsheets, contracts/agreements, and other confidential ...
5 hours ago Bleepingcomputer.com Scattered Spider Qilin
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 months ago Aws.amazon.com
Qilin ransomware claims attack on automotive giant Yanfeng - The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior ...
1 year ago Bleepingcomputer.com Qilin Black Basta
Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
1 year ago Bleepingcomputer.com Qilin
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Lee Enterprises newspaper disruptions caused by ransomware attack - Lee newsrooms across the United States have reported that the cyberattack forced the newspaper publisher to shut down many of its networks, leading to widespread printing and delivery disruptions for dozens of newspapers. BleepingComputer also ...
1 week ago Bleepingcomputer.com
Latest Information Security and Hacking Incidents - The ransomware strain Qilin has surfaced as a new danger to computers using VMware ESXi, which is a recent development in the cryptocurrency space. Concerned observers have expressed concern over the fact that this Qilin Linux version exhibits a ...
1 year ago Cysecurity.news Qilin
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com LockBit Qilin Noescape
Lee Enterprises Says Ransomware Attack Compromises 'Critical' Systems - Lee’s incident response team, comprising internal IT personnel and external cybersecurity experts, isolated affected systems and initiated manual transaction processing to mitigate operational paralysis. Lee’s incident highlights the escalating ...
1 week ago Cybersecuritynews.com LockBit
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
11 months ago Bleepingcomputer.com Medusa Cuba STORMOUS
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
Ransomware Groups Gain Clout With False Attack Claims - The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that ...
1 year ago Darkreading.com
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
8 months ago Bleepingcomputer.com Blacksuit
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
8 months ago Bleepingcomputer.com Blacksuit
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware victims targeted by fake hack-back offers - Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. Both Royal and Akira ransomware ...
1 year ago Bleepingcomputer.com Akira Qilin
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Kraft Heinz investigates hack claims, says systems 'operating normally' - Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site. Kraft Heinz is one of the world's largest food and beverage companies, with ...
1 year ago Bleepingcomputer.com Qilin Snatch
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
1 year ago Bleepingcomputer.com Rocke Hunters
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)