Ransomware group admits British Library cyberattack
Rhysida criminal group says it carried out cyberattack and is now attempting to auction stolen data.
Visitors to the British Library in London might not be immediately aware that it is under siege. When I was there, the place bustled with activity. As well as researchers in the reading rooms, all the tables were occupied in the café so there was nowhere left to sit down. The gift shop, bookshop and current free exhibition – on fantasy – were all crowded.
Photo by Steve Cadman
Really, the only clue to suggest anything amiss was the reaction of some people, mostly students, coming in through the main doors. They’d see the sign saying no WiFi available, turn on their heels and walk out again.
As we’ve been reporting for weeks now, the lack of WiFi is just one aspect of a serious cyberattack on the British Library’s tech systems. There remains no access to the library’s digital catalogue or collections, or any means to register readers. Authors cannot register new books for the Public Lending Right.
Now the Rhysida ransomware group has admitted carrying out the attack, posting some documents online as evidence that they are the culprits. Since May this year, the group has been opportunistically targeting organisations in such sectors as education, government and healthcare. The group’s website is currently offering the data from the British Library for auction, using Bitcoin as such transactions are harder to trace. The opening bid was 20 Bitcoin – estimated at some $745,000. The auction is due to end on November 27.
Yesterday, in an email to registered users, the British Library said: ‘We’re aware that some data has been leaked. While this appears to be from our internal HR files, we recommend that if you have a British Library login with a password that you use elsewhere, you change it on other sites as a precautionary measure. The National Cyber Security Centre (NCSC) provides guidance on staying secure online, including how to create a strong password.’
Beyond this, staff at the British Library remain understandably tight-lipped about what is going on and what the long-term effects may be to the library and its services. However, Jake Moore, a global cybersecurity advisor at ESET, told tech news site The Register that, ‘Rhysida are likely to have not been paid the ransom,’ demanded from the British Library, ‘are now pushing out the next phase of the attack by threatening the release of data.’
It’s not immediately clear what this stolen data comprises exactly – or how much it might be worth to prospective buyers. But this is a serious, well-organised attack on a major institution, and there may be more to come.
Last week, the annual review from the National Cyber Security Centre, which is working with the British Library, warned that the threat to the nation’s most critical infrastructure is ‘enduring and significant’. It notes a rise in state-aligned groups, an increase in aggressive cyber activity and ongoing geopolitical challenges. The NCSC also offers a range of advice and guidance.
In related news:
Cyber skills training for more than 50,000 secondary-school students
Sophisticated, long-term cyber-attack on Electoral Commission
Leave a Reply