Lee Enterprises Ransomware Attack Halts Freelance Payments

A ransomware attack targeting newspaper giant Lee Enterprises has disrupted its ability to process payments for its hired freelancers and contractors, leaving many without compensation. The cyberattack, which began on February 3, 2025, has caused ongoing operational issues, affecting print production, billing, and vendor payments.

According to a TechCrunch report, Lee Enterprises confirmed on February 18 that hackers had encrypted critical applications, directly impacting financial transactions. A contractor speaking to TechCrunch anonymously said they had not received payment for their work and had not heard any updates from the company since mid-February.

The cybercriminal group Qilin has claimed responsibility for the attack, posting on its dark web leak site that it had stolen 350GB of data, including financial records, payments to journalists, and insider business information. The group has threatened to leak the stolen files on March 5. Qilin’s leaked samples include government ID scans, corporate documents, and confidential agreements.

The group stated, "The documents we hold about Lee Enterprises reveal details worth noting," implying that the stolen data contains sensitive financial and operational insights. Despite these claims, Lee Enterprises has not confirmed the authenticity of the stolen files, telling BleepingComputer, "We are aware of the claims and are currently investigating them."

The attack has not affected salaried employees, but internal operations remain hampered. Cloud storage and corporate VPN access were also disrupted. A regulatory filing with the US Securities and Exchange Commission (SEC) indicated that the attack is "reasonably likely to have a material impact" on the company’s financial condition.

Qilin, a Russian-speaking ransomware gang, has been active since 2022, operating under a ransomware-as-a-service (RaaS) model. The group has targeted a range of industries, including automotive manufacturers, healthcare services, and government agencies.

While many ransomware gangs demand payment in exchange for decryption keys, Dark Reading noted that Qilin has not explicitly stated whether it’s demanding a ransom from Lee Enterprises. Instead, its dark web post warns, "Watch this space — Lee Enterprises is aware of what’s in play."