Publishing firm Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack.
The attack reportedly occurred on Saturday 25th June, with the company shutting down all their IT systems to prevent further spread.
Publishers Weekly first reported on the incident, having seen emails from Macmillan that stated they suffered a “security incident, which involves the encryption of certain files on our network.” The encryption of files suggests that the incident was a ransomware attack.
Since the weekend, Macmillan editors have been transparent about the security incident. They have reportedly been telling agents and clients that they have lost access to their emails, systems, and files.
Macmillan has already begun bringing systems back online, with employees now able to access their email accounts. Publishers Weekly has said that the Macmillan field sales team has warned that there may be a disruption that could cause delays in book shipments.
It is unclear which ransomware gang is behind the attack. It is also not yet known whether data was stolen.
However, ransomware affiliates commonly steal data before encrypting devices so that they can use it in double-extortion attacks. This usually involves threatening to publish a victim's stolen data if a ransom is not paid.
If data was exfiltrated during the attack and a ransom is not paid, it is likely that a ransomware operation will publish the stolen files on their data leak site within a few weeks.