The British Library is the UK’s most extensive library and was attacked by hackers on October 31. This led to a leak of information about the people who work there, and the library’s website had to be shut down for a while because of the attack.
A group of hackers called Rhysida ransomware admitted to causing the attack. They are now threatening to sell the information they stole, like passport scans, and they are asking for 20 Bitcoins (around £596,459) in exchange.
The library said on its website that it was a ransomware attack. The leaked information seems to be from the internal HR files of the library’s employees. However, it is stressed that there is no evidence suggesting that the data of its users has been compromised. It did not confirm whether the data being auctioned off belongs to the employees of the British Library.
The National Cyber Security Centre (NCSC) is actively collaborating with the library to assess the full impact of the incident. A spokesperson from the NCSC said that ransomware is a primary cyber threat in the UK. It advises organizations to have strong defenses to protect their networks.
The Rhysida ransomware group, known for attacking ‘targets of opportunity,’ has set a price of 20 Bitcoin for the stolen data. The group claims the auction for this “exclusive, unique, and impressive data” will conclude just before 0800 GMT on November 27, with the data to be sold to a single-party winner. The authenticity of the leaked data, which includes what seems to be HMRC employment contracts and passports, has not been independently verified by the BBC.
The FBI and the US Cybersecurity & Infrastructure Security Agency warned about the Rhysida group on November 15, noting its impact on various sectors, including education, healthcare, manufacturing, information technology, and government.
Recent victims of Rhysida’s cyber attacks include the Chilean army, the Portuguese city of Gondomar, and the University of West of Scotland.
Analysis by Joe Tidy, BBC Cyber Correspondent
Joe Tidy, the BBC’s Cyber Correspondent, talked about how common ransomware attacks are. Criminal groups like Rhysida successfully compromise data and disrupt operations daily. Tidy reinforced law enforcement agencies’ advice worldwide to refrain from paying ransoms to these criminals. Despite this, some victim organizations opt to pay them to get things back to normal faster.
As a public institution, the British Library will not likely give in to cybercriminals’ demands. The countdown on the Rhysida darknet leak site shows that the stolen data might be given away or deleted in six days. Tidy highlighted the troubling implications for employees at risk of identity fraud, and it could be a serious problem if the hackers had accessed more sensitive or extensive data sets.
The British Library committed to restoring services in the coming weeks, acknowledging potential disruptions to services like book ordering. It advised users to change passwords used elsewhere as a precautionary measure, assuring that protective measures were implemented and investigations were ongoing with the support of the NCSC, the Metropolitan Police, and cybersecurity specialists.
In conclusion, the cyber attack on the British Library serves as a reminder that hackers who use ransomware are always a threat. It shows that organizations need to strengthen their computer security to protect against these attacks.