“We’re open for everyone,” announces a brightly colored sign welcoming visitors to the British Library.  But inside the airy building beside London’s St Pancras Station, not everyone can get what they want.  Not since the library was struck by cyber criminals at the end of last month.  The ransomware attack, carried out by a group known for such activity, has knocked out the website of the UK’s national library.  It has also taken down the WiFi, upon which the crowds who come here to work rely.  But perhaps most disruptively of all, it has prevented users from ordering whatever they may need from the library’s 150 million-strong collection of items.

After years of digitization, our national library – one of the world’s largest – has been thrown back to the dark ages.  Readers can still request some items via its printed catalogues, by completing paper forms, but this excludes anything stored at the library’s West Yorkshire outpost in Boston Spa (where three-quarters of the collection is kept).[1]

Elizabeth Prochaska, 42, is using the library to research her forthcoming book on the history of childbirth.  Or at least she is trying to.  “It’s still possible to get some books but everything has to be done by hand and only certain types of books can be ordered – ones that are here,” she says as she leaves the library’s Terrace Restaurant.  About half the books she needs for her research are in Yorkshire and are thus unattainable.  “The reading rooms are like ghost rooms.  The staff look really demoralized,” she says.  “But people have been understanding because everyone knows these cyber-attacks are a vicious act of vandalism.  People have asked for timelines [for when services might be up and running again], but I think they understand it takes time to sort these things out.”

The problems have persisted for almost three weeks now, and the library can only offer vague assurances.  It anticipates restoring many services “in the next few weeks”, while warning that some disruption may persist for longer.  “It is too soon to offer an exact timetable, but we will provide regular updates as we progress this vital work,” says library chief executive Sir Roly Keating.

A modern malady in an age when almost everything is digitized, and thus potentially vulnerable, ransomware attacks tend to be indiscriminate.  The perpetrators, generally cybercriminals based in Russia and its neighboring countries, simply target whichever systems they can access.  They are now estimated to be carrying out hundreds of attacks in Britain each year.

Only limited services remain available at the British Library following the cyber-attack.

In fact, in some instances, the attackers do not realize the identity of their victim until the whole attack has happened.  “The fact it’s the British Library is beside the point from the cyber criminals’ perspective,” says a source working in cyber security.

Their motivation is financial.  As the name of the crime suggests, the aim is to hold organisations and businesses to ransom.  Their method of attack is ransomware, a type of malware (software designed to disrupt, damage or gain unauthorised access to a computer system) that prevents the victim from accessing their device and the data stored on it, usually by encrypting their files.

The hackers then post a message on the system, outlining their financial demands and promising to provide a unique decryption key upon payment.

According to reports today, the Rhysida ransomware group has claimed responsibility for the British Library attack and, possibly because the library has refused to pay the ransom, is threatening to sell data it has stolen in an online auction with a starting bid set at 20 Bitcoin (almost £600,000).

The British Library declined to comment on this, but confirmed that “some data has been leaked.”  It said in a statement that the data appeared to be from internal HR files and that it had no evidence users’ data had been compromised.  It added: “However, if you have a British Library login and your password is used elsewhere, we recommend changing it as a precautionary measure.”

Last week, US authorities released an advisory warning against Rhysida ransomware, describing it as “an emerging ransomware variant”, which has mainly been deployed against the education, healthcare, manufacturing, information technology, and government sectors since May 2023.

Back at the British Library, with no clear end in sight, students, academics, freelance workers and straightforward readers are growing frustrated.  Zoe Tweed, 35, is due to submit her PhD thesis on the playwright Samuel Beckett and performance artists Marina Abramović and Ana Mendieta in mid-December.  “This is just an absolutely crucial time for me in terms of research,” says the Reading University theatre performance postgraduate.  If she needs to check something in a book, it’s no longer a simple process.  “Before, I could see if that book was available and order it in the next hour.  It’s been really frustrating that I haven’t been able to do that…It’s been really unsettling.”

Despite the limitations on what they can currently do here, almost every available seat in the library’s atrium is, as usual, occupied mostly by young people staring at laptop computers.  But with the Wi-Fi down, they can only get online by tethering their mobile phones.

Meanwhile the reading rooms have fallen “really quiet”, says Peter Moffat, 61, the Bafta-winning television writer behind the legal dramas Silk and Criminal Justice, whom I come across during my visit.  “The drop in numbers is profound.”

Time, for those with deadlines to meet, is in short supply.  But the damage caused by the attack on a library which contains everything from two of the four surviving copies of the original Magna Carta to original handwritten Beatles lyrics cannot be rapidly resolved.  The remedy either requires a lot of time or a lot of money.

The British Library cyber-attacks are seen by library-goers as a ‘vicious act of vandalism’

The ransom charged for a decryption key varies depending on what the criminals think the victim can afford.  And it’s become big business, with the ransom typically in the order of millions of pounds.  Some victims will simply pay out, in the hope of resolving matters as quickly and quietly as possible.  Others “rule it out on moral grounds and won’t consider it”, says the cyber security source.  There is also a third group who, with their business on the line and despite feeling ill at the prospect, feel they have no choice but to comply with the criminals’ demands.

The Government opposes paying ransoms.  Given the British Library’s status as a non-departmental public body sponsored by the Department for Culture, Media and Sport, it is unlikely to hand over the money to the attackers.  Instead, it may face weeks of rebuilding its systems.  “The chances of decrypting the encryption [yourself] are zero,” says the source.  “You can’t hack it back to normal again so you have to start from zero and rebuild everything.  That means you have to have offline backups and go back to where you’ve stored everything.  If you’ve taken the right precautions and made offline backups, you can get around it.  But it’s a very lengthy and costly process and it often costs more than the cost of the ransom.”

Fighting the crime itself is not straightforward.  The perpetrators, operating from overseas office blocks, run their activities like businesses.  “They’re pretty professionalized,” says the source.  The threat, moreover, continues to evolve, from encryption alone to data theft as well, with the added threat that the stolen data will be leaked.  In the long run, data extortion could become much more profitable than even the encryption itself.

At the end of last month, the 50 member states of the International Counter Ransomware Initiative (including the UK) met in Washington DC and reaffirmed their joint commitment to building collective resilience and cooperating to pursue cybercriminals.  But in its annual review this week, the National Cyber Security Centre (NCSC) warned that Britain’s cyber resilience still isn’t where it needs to be.

In August last year, an attack on a firm called Advanced, which provides software for parts of the health service, caused widespread outages across the NHS.  Patient referrals, ambulance dispatch, out-of-hours appointment bookings, mental health services and emergency prescriptions were all affected.  Along with the Metropolitan Police, the NCSC is supporting the investigation into the attack on the British Library.

Meanwhile, some regular library users have found a silver lining.  An academic working on an article about 19th-century British theatre is eating a sandwich on the second floor, looking down at the stream of visitors in the main lobby.  “The flipside of being unable to access what you need is that you have to think for yourself,” he muses. No longer can he put off the actual execution of his work.  “Now,” he shrugs, “I just sit and write.”

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings


[1] https://news.yahoo.com/cyber-attack-crippled-british-library-130000506.html
