British Library: Ransomware Recovery Could Take Months

One of the world’s largest libraries has confirmed it was hit by a ransomware attack on October 28, and that it will take weeks or possibly months to fully recover.

The British Library notified the public at the start of this month about a “major technology outage” due to a “cyber incident,” but went no further at the time.

The breach impacted phone lines and on-site services at its main building in London and a separate facility in Yorkshire, as well as access to digital collections, its website and digital catalogue.

In an update earlier this week, the library confirmed the incident was the result of a ransomware attack, launched “by a group known for such criminal activity,” and said it was taking targeted protection measures as well as conducting digital forensics work.

Read more on ransomware: Recovery From NHS Ransomware Attack May Take a Month

“We’re continuing to experience a major technology outage as a result of a cyber-attack,” it continued.

“The outage is still affecting our website, online systems and services, as well as some onsite services including Wi-Fi. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.”

Among the services still unavailable are the library’s main website, digital services offered via its Business & IP Centre (BIPC), and any collection items set to be delivered after October 28. The library added that it is only able to issue temporary reader passes and support “very limited, manual collection item ordering” via paper forms and a printed catalogue.

There’s still no word from the library yet on whether data was stolen as part of the attack, as it was in a Black Basta breach at the Toronto Public Library in October.

“More often than not, hackers steal data as well as encrypting systems, using the sale of this data as their ‘back-up’ if ransom negotiations fail,” explained Comparitech head of data research, Rebecca Moody.

“Worldwide, we have noticed an uptick in publicly confirmed ransomware attacks on government organizations this year. So far, we have recorded 167 ransomware attacks on government departments around the world, compared to 156 throughout all of 2022.”