
Qilin Ransomware Attack at Lee Enterprises, Leaks Stolen Data

The Qilin ransomware gang has claimed responsibility for the attack on Lee Enterprises that disrupted the company's operations on February 3, and has leaked data it claims was stolen from the company.

The threat actors have now threatened to release all the allegedly stolen data on March 5, 2025, unless a ransom demand is paid.

Lee Enterprises is a U.S.-based media company with over 77 daily newspapers, 350 publications, digital media platforms, and marketing services. The company focuses mainly on local news and advertising, and its digital audience reaches tens of millions per month.

In a filing with the U.S. Securities and Exchange Commission (SEC) at the beginning of this month, the company disclosed that it had suffered a cyberattack on February 3, 2025, which led to significant operational disruption.

BleepingComputer learned that the outage caused significant problems, e.g.

A week later, Lee Enterprises submitted a new filing with the SEC, in which it stated that the hackers “encrypted critical applications and exfiltrated certain files”, which indicates that the company was hit by ransomware.

Today, Qilin ransomware added Lee Enterprises to its dark web extortion site and shared samples of the allegedly stolen data, including government ID scans, non-disclosure agreements, financial spreadsheets, contracts/agreements, and other confidential documents allegedly stolen from the company.

Qilin Ransomware threatens Lee Enterprises with data leaks
Source: BleepingComputer

The ransomware actors stated that they had stolen 120,000 files totaling 350 GB and threatened to publish everything on March 5.

BleepingComputer contacted Lee Enterprises to find out whether the stolen data belonged to them, but a comment was not immediately available.

Qilin Ransomware Evolution

Qilin is not one of the most prolific ransomware gangs, but it has come a long way since its launch under the name “Agenda” in August 2022.

In the following years, the cybercriminals claimed hundreds of victims, with some notable cases including automotive giant Yanfeng, Australia's Court Services Victoria, and several large NHS hospitals in London.

With regard to its technical development, Qilin introduced a Linux (VMware ESXi) variant in December 2023, deployed a custom Chrome credential stealer in August 2024, and introduced a Rust-based data locker last October.

Last year, Microsoft published a report stating that the notorious members of the “Scattered Spider” collective had started to use Qilin ransomware.