St Louis Public Library (SLPL) has demonstrated the importance of backing-up to thwart ransomware attackers, after being hit by the malware last week.
In a lengthy note to library users on Monday, executive director, Waller McGuire, explained that cyber-criminals managed to install ransomware on the network last Thursday – affecting checkout and computer access at all 17 locations.
The library followed best practice in contacting the FBI and refusing to pay the ransom.
“Working through the night and weekend, the Library’s technology staff successfully regained access to the affected servers and is using the Library’s backup system to restore them. Our first priority was to restore the ability of patrons to check out books. That has now been accomplished, and our patrons may once again check out materials at all our locations,” McGuire explained.
“Staff have begun restoring service to the reserveable computers at each location: as of today, January 23, some computers are available at many of our locations. For the time being, I ask that you call ahead and make certain a computer is available. We hope to make all public computers and mobile printing available shortly.”
Library staff are now working with the FBI to discover how cyber-criminals managed to access its IT systems.
Very often in these cases, that’s done via a phishing email designed to socially engineer the user into clicking on a malicious link or open a malware-laden attachment. In those instances halfway decent gateway and endpoint security can usually filter out 90%+ of such threats.
Kyle Wilhoit is a senior security researcher at DomainTools and St Louis resident who was affected by the incident.
“Unfortunately, ransomware actors rarely, if ever, differentiate between victims. I’ve seen nefarious ransomware authors infect grandmothers in their 70s all the way to non-profits doing cancer research,” he argued.
“Too often, organizations will pay the ransom amount to get their files back. While it’s certainly understandable why someone would pay to get their files back, paying the ransom to the malware authors only continues to feed into their nefarious behaviors. I’m happy to read that the St Louis Public Library didn’t pay up. Let this be a lesson to organizations in the future – back up all of your data and continue to groom relationships with skilled incident responders and threat intelligence professionals.”