
Ransomware gang Qilin claims responsibility for cyber attack on newspaper giant Lee Enterprises

Ransomware group Qilin today claimed responsibility for a February 3, 2025 cyber attack on Lee Enterprises. The attack disrupted many of the company’s 70-plus newspapers and other publications.

Lee Enterprises has not verified Qilin’s claim. In an SEC disclosure filed on February 12, the company said, “threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files.”


On its data leak site, Qilin says it stole 350 GB of data including “investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information.”

Because an investigation into the attack is ongoing, Lee Enterprises has not yet disclosed what the stolen data contains. We do not yet know if Lee Enterprises did or will pay a ransom, how much Qilin demanded, or how attackers breached the company’s network. Comparitech contacted Lee Enterprises for comment and will update this article if it replies.

The February 3 attack temporarily took down the websites of several Lee Enterprises publications including the St. Louis Post-Dispatch.

The company’s 8-K filing to the SEC says, “The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited. As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored. These products represent five-percent of the Company’s total operating revenue. The Company anticipates a phased recovery over the next several weeks.”

Who is Qilin?

Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.

Since it started, Qilin has claimed 47 confirmed ransomware attacks compromising 1.5 million records.

Also in 2025, Qilin has claimed responsibility for breaches at the city of West Haven, CT; the German Bishops’ Conference; and the Palau Ministry of Health and Human Services.

Qilin claimed another 56 unconfirmed attacks so far this year that haven’t been acknowledged by the targeted organizations.

Ransomware attacks in the USA

Ransomware attacks can both lock down computer systems and steal data. If an attacked organization refuses to pay, it could face extended downtime and data loss, and its customers could be put at increased risk of fraud.

Comparitech researchers logged 18 confirmed ransomware attacks on US organizations so far in 2025, plus 1,235 unconfirmed claims by ransomware groups. That puts 2025 on track for nearly double the number of attacks recorded in 2024.

Other recently confirmed ransomware attacks on US organizations include:

About Lee Enterprises

Based in Davenport, IA, Lee Enterprises publishes more than 70 daily newspapers in 25 states, plus more than 350 weekly, classified, and specialty publications. It is currently the fourth-largest newspaper group in the United States. Some of its largest newspapers include the Buffalo News, the St. Louis Post-Dispatch, the Omaha World-Herald, and the Richmond Times-Dispatch.

In November 2021, the US Department of Justice said two Iranian nationals accessed the company’s content management system in the fall of 2020 with the aim of posting false news about the presidential election.

