Publishing giant Macmillan is recovering from a ransomware attack that left it unable to process orders electronically.
No ransomware group has come forward to claim responsibility for the attack, but company employees first took to Twitter to discuss the incident. Publishers Weekly was first to report that the company was emailing customers and employees about closing its offices on Monday and Tuesday due to the attack.
Macmillan told The Record that he immediately took all of his systems offline on Monday to “avoid any further impact on our network.”
“Macmillan recently experienced a security incident, which involved the encryption of certain files on our network. We are working diligently with specialists to investigate the source of this issue, understand its impact on our systems, and restore full functionality to our networks as soon as possible,” a company spokesperson said.
“Customers and other third-party partners may notice that some systems are unavailable while these efforts are underway. Please be aware that the Macmillan team is working around the clock on this restoration and the installation of additional network protections.
The spokesperson added that they are in the process of bringing some systems back online, especially those that were taken down as a precaution.
The company’s UK warehouse was able to resume operations on Tuesday and is still able to accept orders electronically in the US, but is unable to process them.
Employees said they couldn’t access their corporate emails, files or systems this week, and St. Martins Press editor Sarah Cantin said she was still struggling to restore access on Thursday.
According to Publishers Weekly, Macmillan’s field sales team emailed customers telling them they were unable to “process, receive, place or ship orders.”
This isn’t the first ransomware attack against a book publisher or library service. In April, the LockBit ransomware group attacked the popular German library service Onleihe, which allows users to rent and borrow e-books, e-newspapers, magazines, audiobooks and music in more than 200 libraries in Germany, Austria, Switzerland, Italy, Liechtenstein, Denmark, Belgium and France.
Many sites connected to their platform – ID-Delivery, divibib.com, the divibib user forum, ekz.de, ekz.at, ekz.fr and some catalog data – were affected by the attack.