The British Library, the national library of the United Kingdom and one of the largest libraries in the world, has confirmed that a ransomware attack led to the theft of internal data.
In late October, the British Library revealed for the first time that it was experiencing an unspecified cyber security incident that caused a “major technology outage” at its London and Yorkshire sites, which took down its website, phone lines and on-site services , such as the visitor Wi. -Fi and electronic payments.
Two weeks on, and the British Library shutdown continues. However, the agency has now confirmed that the outage is the result of a ransomware attack launched “by a group known for such criminal activity.” The British Library said some internal data has been leaked online, which “appears to come from our internal HR files”.
This confirmation comes hours after the British Library was listed on the dark web for leaking the Rhysida ransomware gang. The listing, seen by TechCrunch, claimed responsibility for the cyberattack and is threatening to release data stolen from the British Library unless a ransom is paid. The gang demanded more than $740,000 worth of bitcoins at the time of writing.
The Rhysida ransomware gang has not said how much or what types of data it has stolen from the British Library, but samples of the data shared by the gang appear to include work documents and passport scans.
Rysida was last week subject of joint CISA and FBI advisory, which warned that the group is leveraging external-facing remote services such as VPNs to compromise organizations across the education, IT and government sectors. The advisory also warned that Rhysida, which was first spotted in May, shares overlap with the Vice Society ransomware gang, a hacking group known for ransomware extortion attacks on healthcare and education organizations.
“Specifically, according to the ransomware group’s data leak site, Vice Society has not posted a victim since July 2023, around the time Rhysida began reporting victims on her site,” wrote Sophos researchers Colin Cowie and Morgan Demboski. recent analysis of Rysidas.
It is not uncommon for ransomware gangs to dismantle, revise, or create new variants of malware, often as a way to evade government sanctions or evade capture by law enforcement.
In a statement on Monday shared on X (formerly Twitter), the British Library said it had “no evidence” that its customers’ data had been compromised, but was recommending that users change their passwords as a “precautionary measure”, particularly if customers use the same passwords across multiple services.
It is not known whether the British Library has the technical means to determine whether customer data has been obtained.
The British Library has not yet said how it was breached, how much staff data was stolen or whether it has received communications or a ransom demand from the hackers. The British Library did not respond to TechCrunch’s questions, although it is unclear whether the organization has access to email services. The library website remains offline at the time of publication.
The British Library said in its latest statement that it could take weeks, or possibly longer, to recover from the ransomware attack. “We anticipate the restoration of many services in the coming weeks, but some disruption may persist for longer,” the statement said.
“Meanwhile, we have taken targeted protective measures to ensure the integrity of our systems and continue to investigate the attack with support [National Cyber Security Centre]of the Metropolitan Police and cyber security experts.”
