Cyber Incident Victim: CPI
Date: Feb 2025
Location: United Kingdom
Summary
A UK-based book printing company experienced a ransomware attack that disabled its IT systems, severely disrupting operations and forcing clients to seek alternative printers at higher costs, significantly impacting their profits. The organization engaged external specialists to restore services and implement workarounds while maintaining customer communication, though full recovery remains ongoing. Separately, a London literary agency was compromised by the Rhysida ransomware group, which exfiltrated data and threatened public release unless paid; forensic efforts were hindered by the attackers' anti-detection techniques, prompting warnings to potentially affected individuals about vigilant monitoring of personal accounts.
Description
On February 7, 2025, UK book printer CPI experienced a ransomware attack that disabled its IT systems, specifically impacting its UK operations. The incident began in the early hours of that day, prompting immediate engagement of external cybersecurity specialists alongside internal teams to initiate forensic analysis and recovery efforts. CPI confirmed the attack compromised its network despite existing security measures, forcing operational workarounds across its nine UK factories responsible for producing 160 million annual publications. Clients such as Firefly Press reported severe disruptions, including delayed print runs for March releases and critical stock shortages. Publisher Penny Thomas stated the crisis required emergency digital printing through third parties at non-competitive rates, erasing profits on key orders and threatening financial stability for some titles. CPI maintained ongoing communication with customers about gradual service restoration but could not guarantee timelines for full recovery.

Concurrently, London-based literary agency The Agency disclosed a separate ransomware attack attributed to the Rhysida group, known for prior attacks on the British Library. Rhysida encrypted The Agency’s data files, rendered systems inaccessible, and threatened to leak stolen client information unless paid a ransom.

The Agency’s books department head Jessica Hare notified clients via email that personal data might have been copied, though no public leaks were confirmed at the time. Forensic efforts were hindered by Rhysida’s anti-tracing tactics, including deliberate system clean-up activities. The Agency implemented protective security measures with external IT specialists and collaborated with the Metropolitan Police cybercrime unit while advising clients to scrutinize suspicious communications. Business impacts extended beyond operational paralysis, with Firefly Press describing profit losses as "significant" and CPI acknowledging widespread customer disruptions across its printing network. The British Library’s 2023 Rhysida attack, which cost £6 million in digital service reconstruction, underscored potential long-term recovery challenges for both entities. CPI focused on system reimplementation and workaround development, while The Agency prioritized threat monitoring and victim notifications without disclosing further details due to ongoing incident management.
