Lee Enterprises, a major newspaper publisher, confirmed a ransomware attack affecting 77 newspapers and 350 weekly publications, encrypting critical applications and exfiltrating certain files. The StaryDobry campaign used trojanized game installers to deploy the XMRig cryptominer to unsuspecting users, particularly in Russia, Brazil, Germany, Belarus, and Kazakhstan. BlackLock ransomware is emerging as a major player and uses custom-built malware targeting Windows, VMware ESXi, and Linux environments. The attackers are using double-extortion tactics.
Lee Enterprises, a major media group in the U.S., experienced a cyberattack that disrupted its systems and operations. The attack, which began on February 3, 2025, affected subscriber services and print production across numerous publications, including the St. Louis Post-Dispatch. While the company is working to restore its systems, the incident highlights the vulnerability of media organizations to cyber threats, potentially impacting news dissemination and operational capabilities.