Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations

 

Lee Enterprises, one of the largest newspaper publishers in the United States, is facing an ongoing ransomware attack that has severely disrupted its operations for over three weeks. The company confirmed the attack in a filing with the U.S. Securities and Exchange Commission (SEC), revealing that hackers illegally accessed its network, encrypted critical applications, and exfiltrated certain files. 

The publishing giant is now conducting a forensic investigation to determine whether sensitive or personal data was stolen. The attack has had widespread consequences across Lee’s business, affecting essential operations such as billing, collections, vendor payments, and the distribution of print newspapers. Many of its 72 publications have experienced significant delays, with some print editions not being published at all. 

The Winston-Salem Journal in North Carolina reported that it was unable to print several editions, while the Albany Democrat-Herald and Corvallis Gazette-Times in Oregon faced similar disruptions, preventing the release of at least two editions. Digital services have also been affected. On February 3, Lee Enterprises notified affected media outlets that one of its data centers, which supports applications and services for both the company and its customers, had gone offline. 

This outage has prevented subscribers from logging into their accounts and accessing key business applications. Several Lee-owned newspaper websites now display maintenance messages, warning readers that subscription services and digital editions may be temporarily unavailable. The full impact of the attack is still being assessed, but Lee has acknowledged that the incident is “reasonably likely” to have a material financial impact. With print and digital disruptions continuing, the company faces potential revenue losses from advertising, subscription cancellations, and operational delays. 

Law enforcement has been notified, though the company has not disclosed details about the perpetrators or whether it is considering paying a ransom. Ransomware attacks typically involve cybercriminals encrypting a company’s data and demanding payment in exchange for its release. If Lee refuses to negotiate, it may take weeks or months to fully restore its systems. 

Cyberattacks targeting media organizations have become increasingly common, as newspapers and digital publications rely on complex networks that can be vulnerable to security breaches. The Freedom of the Press Foundation is currently tracking the scope of the attack and compiling a list of affected newspapers. For now, Lee Enterprises continues its recovery efforts while its newspapers work to restore regular operations. 

Until the attack is fully resolved, readers, advertisers, and employees may continue to face disruptions across print and digital platforms. The incident highlights the growing threat of ransomware attacks on critical infrastructure and the challenges companies face in securing their networks against cyber threats.