Ransomware authors may take a lesson from the current situation in the St. Louis Public Library system, which is currently on complete lockdown due to an attack that was discovered last Thursday. The authors demanded $35,000 to decrypt the system, which is vital for the operation of the library and includes such things as who currently has which book and the public Internet service.
In the past, nationwide, several government agencies have given in to the demands of ransomware. (See Hacked’s posts on the subject.) But St. Louis library officials allowed their IT people to work overnight, and by morning they had “regained control of the server,” which has nothing to do with accessing the files.
$35,000 is a lot of money to already cash-strapped government departments such as the library systems; perhaps it is no coincidence that the police typically simply pay their way out. Necessity being the mother of innovation, the library system has opted instead to rebuild its system from scratch. One can only hope that this time around they will include an encrypted nightly backup. Open source tools for this very purpose have existed so long that it hardly rates noting that, in the end, this ransomware attack, like all of them, is actually the fault of the person in charge of securing the system.
Since regaining control of the server, the system has opened its locations as of Monday and patrons are free to use WiFi and read books in the library itself, although checking out materials is not possible. Some downloadable materials (which are normally provided by third-parties to public libraries) are still accessible. Public Internet terminals (of which the city has 700) will be coming back online after the priority issue of restoring the borrowing system.
The DNA of the attack has not been discussed much in public, but these things almost always happen as a result of employee activity. When settings are done appropriately, it’s more difficult than ever to escalate from a single machine in a network to such things as the database. Going full circumspect speculation here, it seems likely that the attacker actually compromised a user with access to the database itself.
Library executive director Waller McGuire said in a released statement:
An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library, and we will make every effort to keep that world available to our patrons.
Featured image from Shutterstock.
Last modified: May 21, 2020 10:04 AM UTC