Macmillan Publishers hit by apparent cyber attack as systems are forced offline

An abstract mock up of a blue padlock on a binary code background

published 30 June 2022

Book publisher Macmillan has been hit with what it describes as a “digital security incident”, with experts believing it could be ransomware.

The company’s staff have taken to social media to confirm that the incident has been hugely disruptive for its US side of the business, forcing the company to close its New York head office. Staff are also unable to access emails or files, and customers are unable to order from the company at the time of writing.

According to emails seen by Publishers Weekly, the publisher initially said that a portion of the company’s files had become encrypted and that it had taken all of its systems offline to prevent further compromise.

The company’s US sales team also confirmed that it was unable to process, receive, place, or ship orders as a result of the company-wide shut down of digital systems and physical offices.

However, the attack is affecting both US and UK arms of the company, IT Pro can confirm, after a member of staff said the press department was unable to be contacted due to all email and phone systems being down.

The staff member also said the company will most likely have resolved the incident by next week, but also perhaps even by Friday.

Macmillan originally told customers that it would shut down servers for just one day in an original email sent on Saturday 25 June, and that it is working with “third parties” to resolve the situation.

The attack on Macmillan Publishing does not appear to have been claimed by any major ransomware groups, following an examination of their victim blogs, but experts believe the evidence points to ransomware.

The scariest security horror stories of 2021 The rise of double extortion ransomware Double extortion ransomware pushes average payments close to $1 million

“Whilst, on the one hand, it is encouraging to see Macmillan responding proactively by taking systems offline, the damage has arguably already been done,” Trevor Dearing, director of critical infrastructure solutions at Illumio.

“It’s far safer for organisations to put in proactive protection before an attack happens. Restricting the movement of ransomware by closing unused and high-risk ports drastically reduces the impact of attacks like this one."

Macmillan staff speaking to IT Pro were unwilling to confirm whether the incident was ransomware, or whether any information had been lost or stolen as a result of the attack.

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.