The Qilin ransomware group has claimed responsibility for the February 3, 2025, cyberattack on Lee Enterprises, which previously disrupted newspaper production, subscriber services, and financial operations across the media company’s network.
In a new development, the ransomware gang has threatened to release 350GB of allegedly stolen data on March 5 unless a ransom is paid.
Qilin takes responsibility for the attack
Lee Enterprises, which owns and operates over 77 daily newspapers and hundreds of digital and print publications, first reported the cyberattack in an SEC filing, revealing that its internal systems were encrypted, disrupting newspaper production, customer services, and financial transactions. However, the identity of the attackers was initially unclear.
As the company scrambled to restore operations, it later confirmed in another SEC filing that ransomware was responsible. The cyberattack forced Lee Enterprises to implement temporary workarounds and alternative distribution channels to maintain its core publishing functions. Despite these efforts, the company admitted to experiencing a “material impact” on its operations and financial outlook.
On February 27, 2025, Qilin listed Lee Enterprises on its dark web extortion site, claiming responsibility for the attack. The ransomware gang published samples of the allegedly stolen data, which includes government ID scans, financial records, non-disclosure agreements, contracts, and confidential corporate documents. The hackers allege they have stolen 120,000 files totaling 350GB.
BleepingComputer
In a statement to CyberInsider on February 3, 2025, Lee Enterprises confirmed they are investigating the situation, but did not have any further details to share.
Threat of data exposure
Qilin has set a March 5 deadline for Lee Enterprises to meet its ransom demand, threatening to release all stolen data if the company refuses to comply. In a message posted on its leak site, Qilin hinted that the stolen documents contain sensitive financial details, insider payment records, and information that could “shed new light” on Lee Enterprises’ business operations.
This latest development intensifies concerns regarding the potential exposure of sensitive data belonging to employees, subscribers, and business partners. Lee Enterprises has not confirmed whether personally identifiable information (PII) was compromised but continues to conduct forensic analysis.
Who is Qilin?
Qilin is a Russian-speaking ransomware group operating under a Ransomware-as-a-Service (RaaS) model since 2022. Initially known as “Agenda,” the gang has targeted organizations across multiple industries, including healthcare and automotive. In 2024, Qilin ransomware was linked to attacks on UK-based medical laboratories, disrupting hospital services in London.
The gang has evolved its tactics over time, recently incorporating a Rust-based encryption algorithm for stronger security evasion. Microsoft has also reported links between Qilin and members of the notorious ‘Scattered Spider' hacking collective, suggesting a broader cybercriminal network at play.
Lee Enterprises’ next steps
Lee Enterprises has notified law enforcement agencies and continues working with cybersecurity experts to assess the full extent of the breach.
With Qilin’s deadline looming, the publishing giant faces increased pressure to secure its data and restore public confidence. CyberInsider will continue monitoring the situation as new developments emerge.
Paragon Partition Manager Flaws Leveraged in Ransomware Attacks
Leave a Reply