Publishing giant Macmillan still unable to process orders after ransomware attack

Publishing giant Macmillan is in the process of recovering from a ransomware attack that has left it unable to process orders electronically. 

No ransomware group has come forward to claim the attack, but employees of the company initially took to Twitter to discuss the incident. Publishers Weekly was the first to report that the company was emailing customers and employees about closing its offices on Monday and Tuesday due to the attack. 

In case you haven’t heard, Macmillan is experiencing a digital security incident, and our systems are shut down out of an abundance of caution. Our offices are closed today and possibly tomorrow. We cannot access email or files. Hopefully we’ll be up and running again very soon! pic.twitter.com/vDbS5iKx8s

— Grace Kendall (@GraceKendallLit) June 27, 2022

Macmillan told The Record that it immediately took all of its systems offline on Monday to “prevent further impact to our network.”

“Macmillan recently experienced a security incident, which involves the encryption of certain files on our network. We are working diligently with specialists to investigate the source of this issue, understand its impact on our systems, and to restore full functionality to our networks as soon as possible,” a company spokesperson said. 

“Customers and other third-party partners may notice that certain systems are unavailable while these efforts are underway. Please know that the Macmillan team is working around the clock on this restoration and installation of additional network safeguards.”

The spokesperson added that they are now in the process of bringing certain systems back online, specifically those that were taken down as a precautionary measure. 

The company’s UK warehouse was able to resume operations on Tuesday and it is still able to accept orders electronically in the U.S. but is unable to process them. 

Employees said they could not access their emails, files or company systems this week, and St. Martins Press executive Editor Sarah Cantin said she was still struggling to get access restored on Thursday. 

Count me among those not yet back online—we’re all trying our hardest to manage things from afar but it’s been a real challenge. If you’ve emailed me and it can’t wait until next week (bearing in mind the holiday weekend), please DM so that I can try to triage. https://t.co/vYxfmnyVTo

— Sarah Cantin (@sarahgcantin) June 30, 2022

According to Publishers Weekly, Macmillan’s field sales team emailed customers notifying them that they were not able to “process, receive, place, or ship orders.”

This is not the first ransomware attack on a book publisher or library service. In April, the LockBit ransomware group attacked popular German library service Onleihe, which allows users to rent and borrow e-books, electronic newspapers, magazines, audio books and music from more than 200 libraries across Germany, Austria, Switzerland, Italy, Liechtenstein, Denmark, Belgium and France.

Many of the websites connected to their platform – ID-Delivery, divibib.com, the divibib user forum, ekz.de, ekz.at, ekz.fr and certain catalog data – were affected by the attack.