robert-anasch-McX3XuJRsUM-unsplash (1)

Publishing giant Macmillan still unable to process orders after ransomware attack

Publishing giant Macmillan is in the process of recovering from a ransomware attack that has left it unable to process orders electronically. 

No ransomware group has come forward to claim the attack, but employees of the company initially took to Twitter to discuss the incident. Publishers Weekly was the first to report that the company was emailing customers and employees about closing its offices on Monday and Tuesday due to the attack. 

Macmillan told The Record that it immediately took all of its systems offline on Monday to “prevent further impact to our network.”

“Macmillan recently experienced a security incident, which involves the encryption of certain files on our network. We are working diligently with specialists to investigate the source of this issue, understand its impact on our systems, and to restore full functionality to our networks as soon as possible,” a company spokesperson said. 

“Customers and other third-party partners may notice that certain systems are unavailable while these efforts are underway. Please know that the Macmillan team is working around the clock on this restoration and installation of additional network safeguards.”

The spokesperson added that they are now in the process of bringing certain systems back online, specifically those that were taken down as a precautionary measure. 

The company’s UK warehouse was able to resume operations on Tuesday and it is still able to accept orders electronically in the U.S. but is unable to process them. 

Employees said they could not access their emails, files or company systems this week, and St. Martins Press executive Editor Sarah Cantin said she was still struggling to get access restored on Thursday. 

According to Publishers Weekly, Macmillan’s field sales team emailed customers notifying them that they were not able to “process, receive, place, or ship orders.”

This is not the first ransomware attack on a book publisher or library service. In April, the LockBit ransomware group attacked popular German library service Onleihe, which allows users to rent and borrow e-books, electronic newspapers, magazines, audio books and music from more than 200 libraries across Germany, Austria, Switzerland, Italy, Liechtenstein, Denmark, Belgium and France.

Many of the websites connected to their platform – ID-Delivery,, the divibib user forum,,, and certain catalog data – were affected by the attack. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.