We have talked about the dangers of ransomware in prior articles. (See: Ransomware hits St. Louis Public Library and The Best Ransomware Protection of 2017) And here we are again, with another library being hit by a ransomware demand.
Check out the excerpt of this story below, read the entire thing, and then look around your library to see what you can do to help protect your library from ransomware attacks!! Don’t gamble on losing all your online information to thieves; take a few steps now to protect your library.
“Users of Spartanburg County Public Libraries were unable to check out or return books for a second day Tuesday after a ransomware attack sent out by cybercriminals shut down the library system’s computer network and website.
County Librarian Todd Stephens said technicians were working on the problem and had no idea when services and access to the online catalog will be restored, although the main library and all 10 branches remain open.
“Somebody has taken hostage the public’s library data,” he said. “We just don’t know the extent of the damage at this point. We are going to be down for an uncertain amount of time until our guys slowly bring everything up.”
Stephens said he immediately notified the library board of trustees and Spartanburg County administration. He said he hasn’t yet contacted law enforcement.
Shortly after 11 a.m. Monday, a library Internet technician noticed suspicious activity, Stephens said.
“When he engaged, he received notification that our system was hit with a ransomware attack,” Stephens said. “We immediately shut down all computer-related services, including computer use, wireless, checking out and checking in (library materials).”
The attacker demanded payment of 3.6 to 3.8 bitcoins, which Stephens said was estimated to be $36,000 or more.
Stephens said he has no intention of meeting the attacker’s demands.
“We don’t believe it is a data breach, we believe it’s a hostage situation” in exchange for releasing all the library’s computer data — which totals about 740,000 physical and online digital items, he said.
Stephens said the library does not keep on file users’ sensitive information such as Social Security, credit card or driver’s license numbers.
Those who use credit cards to pay library fines have no need to worry because a third party vendor is used, he said.
“We just don’t know the extent of the damage at this point,” Stephens said.
He said the attack is similar to one in December in Mecklenburg County, N.C. An employee opened a malicious “phishing” email and accessed an attached file that triggered the attack. Mecklenburg County officials rejected the demand for 2 bitcoins for the release of the locked data, and eventually restored the data.
Apparently, the Spartanburg library system attacker sent out the virus by email as far back as September, but just recently someone from the public or an employee opened it and triggered the attack, Stephens said.”
(read the rest of this article here!)