Book publisher Macmillan has been hit with what it describes as a “digital security incident”, with experts believing it could be ransomware.
The company’s staff have taken to social media to confirm that the incident has been hugely disruptive for its US side of the business, forcing the company to close its New York head office. Staff are also unable to access emails or files, and customers are unable to order from the company at the time of writing.
According to emails seen by Publishers Weekly, the publisher initially said that a portion of the company’s files had become encrypted and that it had taken all of its systems offline to prevent further compromise.
The company’s US sales team also confirmed that it was unable to process, receive, place, or ship orders as a result of the company-wide shut down of digital systems and physical offices.
However, the attack is affecting both US and UK arms of the company, IT Pro can confirm, after a member of staff said the press department was unable to be contacted due to all email and phone systems being down.
The staff member also said the company will most likely have resolved the incident by next week, but also perhaps even by Friday.
Macmillan originally told customers that it would shut down servers for just one day in an original email sent on Saturday 25 June, and that it is working with “third parties” to resolve the situation.
The attack on Macmillan Publishing does not appear to have been claimed by any major ransomware groups, following an examination of their victim blogs, but experts believe the evidence points to ransomware.
“Whilst, on the one hand, it is encouraging to see Macmillan responding proactively by taking systems offline, the damage has arguably already been done,” Trevor Dearing, director of critical infrastructure solutions at Illumio.
“It’s far safer for organisations to put in proactive protection before an attack happens. Restricting the movement of ransomware by closing unused and high-risk ports drastically reduces the impact of attacks like this one."
Macmillan staff speaking to IT Pro were unwilling to confirm whether the incident was ransomware, or whether any information had been lost or stolen as a result of the attack.
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
