It is so ironic how a public library sharing information was hit by a ransomware attack. A library’s main function is to share free information and and that free information is still held for ransom by malware.
Because of their very good infrastructure and design, their services are being restored. The ransomware was able to impact their machines last Thursday and spread its way to all 17 branches.
The attackers demanded for $35,000 as a ransom for their data, however, Library management refused to pay. Their diligent IT staff wiped the affected servers and restored them from good working backups.
The day after the attack, Friday, St. Louis Public Library was able to restart their workflow. Patrons were able to check out books on all locations. The day after, their checkout and returns system back to normal at 100 percent availability. The only thing remaining to be restored is their reserve system. Past forward a few days and they should be up and running shortly.
The library’s Executive Director Waller McGuire said the library immediately reached out to the FBI for help to investigate. As of this writing, it is not clear where the infection began, nor how it spread.
The library was not the victim here, but the patrons who use their services. Although the library has worked hard to open a secure but widely available digital world to the people of St. Louis, it got interrupted due to the infection. According to McGuire, “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library, and we will make every effort to keep that world available to our patrons.”
The personal information of the patrons’ and financial information is not stored on its servers. None of their data personal data is not impacted by the attack. Wi-Fi service was not interrupted and their website did not go down and was still able to offer books, movies and downloads and was not impacted by the attacks.
St. Louis Public Library has been working closely with the FBI to help identify how the cyber criminals were able to get into the system and help identify how to correct the problem.
McGuire said. “I apologize to patrons for any inconvenience this incident has caused: on most days thousands of St. Louis Public Library patrons check out materials and use computers for many purposes.”
A request for additional comment from McGuire was not returned in time for publication. It’s unknown which ransomware family was used to attack the library, nor how the infection started. McGuire said in his letter to patrons that criminals broke into the library network and installed malware. This runs contrary to most ransomware infections where the malware is spread in spam or phishing emails enticing the victim to open a malicious email attachment or click on a link in the message that downloads the malware.
In a course of a few years, malware has been so rampant. St. Louis is the latest of the growing list of businesses and institutions that got hit by ransomware.
If you anybody can recall, less than a year, the Hollywood Presbyterian paid $17,000 and the Kentucky Methodist Hospital refused to pay. Another victim was the University of Calgary and others as well. The list includes other colleges, universities, local law enforcement and government agencies, and entertainment organizations.