Ransomware attack freezes newspaper printing system

Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems.

Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, which Heilbronn is a member. Other affected companies under the group are Echo, Pressedruck, and RegioMail.

Heer said a “well-known cybercriminal group” carried out the attack last Friday, October 14, leaving systems encrypted. Despite leaving ransom notes. the attackers are yet to make any specific ransom demands. 

Just four days after the attack, Heilbronn Stimme was able to begin delivering printed newspapers again. The newspaper had released Monday’s issue in e-paper form, temporarily lifting the paywall on its website.

Editors were told to work from home using their personal computers following the ransomware attack. New email addresses were also provided for them.

Slowly returning to normal

The media company’s IT team, who worked with external cybersecurity experts, jump-started production again on Monday evening. An official police investigation has begun. However, the media group has made clear it won’t be providing information regarding the status of the investigation and “possible letter of confession and ransom demands”.

“Thanks to a sophisticated data backup strategy, we were able to restore the production-critical systems with great effort and thanks to the great know-how of the IT team,” said Andreas Reischle, head of IT of Heilbronn Stimme.

Tobias Sobkowiak, Heilbronn Stimme’s head of press printing, is pleased papers are in production again. “We are glad that we were able to produce a newspaper again so quickly under these conditions. This was mainly possible due to the great teamwork in production and the good and long-term cooperation with our service providers. Hand in hand, we managed what didn’t seem possible at the end of last week,” he said.

Regio Mail, Echo, and others newspapers the media company distributes, such as Süddeutsche Zeitung and Stuttgarter Zeitung, also began printing and distribution.

Although full recovery from the attack will take some time, Cornelia Neuberger, head of the regional delivery service for the media group, was proud of what they’ve already achieved.

“The clerks in personnel dispatch at Stimme Logistik, the delivering freight forwarders, the employees in product distribution and the area managers on site are in constant communication. The current situation brings us even closer together. We would like to thank everyone involved for their active support,” she said.

https://blog.malwarebytes.com/feed/