The British Library, the nationwide library of the UK and one of many world’s largest libraries, has confirmed {that a} ransomware assault led to the theft of inside information.
In late October, the British Library first disclosed it was experiencing an unspecified cybersecurity incident that brought on a “main know-how outage” throughout its websites in London and Yorkshire, which downed its web site, cellphone traces, and on-site companies, akin to customer Wi-Fi and digital funds.
Two weeks on, and the British Library outage continues to be ongoing. Nonetheless, the group has now confirmed the disruption is the results of a ransomware assault launched “by a bunch recognized for such legal exercise.” The British Library stated that some inside information has leaked on-line, which “seems to be from our inside HR information.”
This affirmation comes hours after the British Library was listed on the darkish net leak web site of the Rhysida ransomware gang. The itemizing, seen by information.killnetswitch, claimed duty for the cyberattack and threatens to publish information stolen from the British Library until it pays a ransom demand. The gang demanded greater than $740,000 price of bitcoin on the time of writing.
The Rhysida ransomware gang hasn’t stated how a lot or what forms of information it has stolen from the British Library, however samples of the information shared by the gang seem to incorporate employment paperwork and passport scans.
Rhysida was final week the topic of a joint CISA and FBI advisory, which warned that the group leverages external-facing distant companies, akin to VPNs, to compromise organizations throughout the schooling, IT and authorities sectors. The advisory additionally warned that Rhysida, which was first noticed in Might, shares overlaps with the Vice Society ransomware gang, a hacking group recognized for ransomware extortion assaults on healthcare and academic organizations.
“Notably, in accordance with the ransomware group’s information leak web site, Vice Society has not posted a sufferer since July 2023, which is across the time Rhysida started reporting victims on its web site,” Sophos researchers Colin Cowie and Morgan Demboski wrote in a latest evaluation of Rhysida.
It’s not unusual for ransomware gangs to disband, rebrand or create new malware variants, usually as a option to evade authorities sanctions or keep away from arrest by legislation enforcement.
In an announcement on Monday shared on X (previously Twitter), the British Library stated it has “no proof” that the information of its clients was compromised however is recommending that customers change their passwords as a “precautionary measure,” notably if clients use the identical passwords throughout a number of companies.
The British Library has not but stated the way it was compromised, how a lot worker information was stolen, or whether or not it has acquired communications or a ransom demand from the hackers. The British Library didn’t reply to information.killnetswitch’s questions, although it’s not clear if the group has entry to e mail companies. The library’s web site stays offline on the time of publication.
The British Library stated in its newest assertion that it might take weeks, or probably even longer, for it to get well from the ransomware assault. “We anticipate restoring many companies within the subsequent few weeks, however some disruption might persist for longer,” the assertion stated.
“Within the meantime, we’ve taken focused protecting measures to make sure the integrity of our methods, and we’re persevering with to analyze the assault with the assist of [National Cyber Security Centre], the Metropolitan Police and cybersecurity specialists.”
