Tag Archives: ransomware

Tech

Weekly Training Tip: Dealing with Ransomware

Ransomware-picYou have probably heard stories about ransomware already, but may not be sure about it, or may think your little library does not have anything worth stealing. But criminals know your data is important to you, no matter what it may be.

Most of our members are part of larger organizations: schools, colleges, and other parent groups. If they have an IT department, it would be worth your time to ask what they are doing to protect your website. And if possible, it may be worth backing up your site and your data yourself – just in case!

What is ransomware? It is software that blocks access to your files; or threatens to publish your files. Picture a criminal holding your patron registration hostage, threatening to release names, addresses and circulation data. Or pulling up your website, only to see a skull and crossbones – and a demand for bitcoin.

Short version: it’s bad.

But the good news is that you can take some steps to avoid this problem. And be sure you are backing up your site, so if you are hit by ransomware, you can just move on! (Well, it’s still going to be a hassle and problems for your library – but everything is not destroyed, and you do not have to pay money to anonymous criminals. So it is pretty much a win!)

We have a few resources here for you to browse, as you work to put together your own disaster plan for a ransomware attack.

General ransomware articles:

Sources for data backup

Communication, Tech

Spotlight Library News Story: Ransomware in Spartanburg!

Ransomware-pic

We have talked about the dangers of ransomware in prior articles. (See: Ransomware hits St. Louis Public Library and The Best Ransomware Protection of 2017) And here we are again, with another library being hit by a ransomware demand.

Check out the excerpt of this story below, read the entire thing, and then look around your library to see what you can do to help protect your library from ransomware attacks!! Don’t gamble on losing all your online information to thieves; take a few steps now to protect your library.

Spartanburg public library computer system hit by ransomware

“Users of Spartanburg County Public Libraries were unable to check out or return books for a second day Tuesday after a ransomware attack sent out by cybercriminals shut down the library system’s computer network and website.

County Librarian Todd Stephens said technicians were working on the problem and had no idea when services and access to the online catalog will be restored, although the main library and all 10 branches remain open.

“Somebody has taken hostage the public’s library data,” he said. “We just don’t know the extent of the damage at this point. We are going to be down for an uncertain amount of time until our guys slowly bring everything up.”

Stephens said he immediately notified the library board of trustees and Spartanburg County administration. He said he hasn’t yet contacted law enforcement.

Shortly after 11 a.m. Monday, a library Internet technician noticed suspicious activity, Stephens said.

“When he engaged, he received notification that our system was hit with a ransomware attack,” Stephens said. “We immediately shut down all computer-related services, including computer use, wireless, checking out and checking in (library materials).”

The attacker demanded payment of 3.6 to 3.8 bitcoins, which Stephens said was estimated to be $36,000 or more.

Stephens said he has no intention of meeting the attacker’s demands.

“We don’t believe it is a data breach, we believe it’s a hostage situation” in exchange for releasing all the library’s computer data — which totals about 740,000 physical and online digital items, he said.

Stephens said the library does not keep on file users’ sensitive information such as Social Security, credit card or driver’s license numbers.

Those who use credit cards to pay library fines have no need to worry because a third party vendor is used, he said.

“We just don’t know the extent of the damage at this point,” Stephens said.

He said the attack is similar to one in December in Mecklenburg County, N.C. An employee opened a malicious “phishing” email and accessed an attached file that triggered the attack. Mecklenburg County officials rejected the demand for 2 bitcoins for the release of the locked data, and eventually restored the data.

Apparently, the Spartanburg library system attacker sent out the virus by email as far back as September, but just recently someone from the public or an employee opened it and triggered the attack, Stephens said.”

(read the rest of this article here!)

Communication, Tech

CMLE Weekly Training: Defending against Ransomware

Ransomware-picRansomware is around, and we are hearing stories about it happening to schools around Central Minnesota!

You have probably heard stories about ransomware already, but may not be sure about it, or may think your little library does not have anything worth stealing. But criminals know your data is important to you, no matter what it may be.

Most of our members are part of larger organizations: schools, colleges, and other parent groups. If they have an IT department, it would be worth your time to ask what they are doing to protect your website. And if possible, it may be worth backing up your site and your data yourself – just in case!

What is ransomware? It is software that blocks access to your files; or threatens to publish your files. Picture a criminal holding your patron registration hostage, threatening to release names, addresses and circulation data. Or pulling up your website, only to see a skull and crossbones – and a demand  for bitcoin.

Short version: it’s bad.

But the good news is that you can take some steps to avoid this problem.  And be sure you are backing up your site, so if you are hit by ransomware, you can just move on! (Well, it’s still going to be a hassle and problems for your library – but everything is  not destroyed, and you do not have to pay money to anonymous criminals. So it is pretty much a win!)

We have a few resources here for you to browse, as you work to put together your own disaster plan for a ransomware attack.

General ransomware articles:

Sources for data backup

Communication, General, Resources

Ransomware hits St. Louis Public Library!

MalwareWe have probably all heard about ransomware attacks on organizations, but it’s hard to believe libraries could be a target of these coordinated attacks.

But those ideas are wrong; and this week the St Louis Public Library is serving as our latest warning.

“Hackers have infected every public computer in the St. Louis Public Library system, stopping all book borrowing and cutting off internet access to those who rely on it for computers.

The computer system was hit by ransomware, a particularly nasty type of computer virus that encrypts computer files.

 This form of attack renders computers unusable — unless victims are willing to pay an extortion fee and obtain a key to unlock the machines.

According to the library, hackers demanded $35,000 in the electronic currency Bitcoin — but the library refuses to pay. Instead, it’ll wipe the entire computer system and reset it, which could take days or weeks. Continue reading Ransomware hits St. Louis Public Library!