Ransomware attack

Rhysida Ransomware claims Cyberattack on British Library

The Rhysida ransomware group executed a cyberattack that compromised the British Library’s security. The group published a low-resolution image on its leak site, claiming to show a sample of data stolen from the renowned library.

The Rhysida ransomware group has disrupted the reading experience, requiring users to rely on manual search queries at the library’s King’s Cross site. This has resulted in significantly limited service for people seeking access to books and manuscripts.

On Monday, November 20, the Rhysida ransomware group launched a seven-day online auction of data that it claimed to have stolen from the British Library.

According to the group:

With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner.

The attacker’s identity may be new, but the criminal method is not. Ransomware groups make computers in an organisation unavailable by infecting them with harmful software (malware). They then demand payment, typically in bitcoin, to release the data.

In recent years, a method known as ‘double extortion’ has been popular among hackers. It combines the theft of data with the threat to publish it, a method designed to increase the attackers’ leverage in negotiations.

The ransomware group leaked a low-resolution screenshot that appears to show ID scans pilfered from the compromised library system. The FBI and CISA jointly released a warning on Rhysida’s opportunistic attacks, highlighting the ways in which they affect different industrial sectors.

On their leak site, they openly offered to sell the stolen data, with a starting cost of 20 bitcoins, or almost £590,000.

Auction of the British Library Revealed by Rhysida’s Leak (BleepingComputer)

Rhysida ransomware compromises HR documents

The library has not officially responded to Rhysida’s claims. However, the organisation confirmed a possible compromise of HR data from its internal files in a recent update on X (formerly Twitter).

The national library of the United Kingdom has not discovered any proof that the attackers obtained further information during the attack.

As stated by the BL Press Office on X:

We have now confirmed that this was a ransomware attack, by a group known for such criminal activity. We are aware that some data has been leaked, which appears to be from files relating to our internal HR information. We have no evidence that wider user data has been compromised. However, we are recommending as a precautionary measure that if users have a password for British Library services that they also use elsewhere, they should change it.

On Saturday, October 28, the library’s systems became the target of an encryption attack. Since then, an extended IT outage has disrupted the British Library’s online systems, services, and physical services such as Wi-Fi. The website is still offline over three weeks after the attack.

The library expects to restore various services in the following weeks. Certain interruptions, however, may last for a lengthy period. With over 11 million visitors each year, the library’s website is a hive of activity, serving the needs of more than 16,000 people both onsite and online daily.

The British Library, a popular target for Rhysida in the United Kingdom, has fallen victim to the group. Rhysida is also known for attacking government organisations in Portugal, Chile, and Kuwait. The Rhysida ransomware group claimed responsibility for a cyberattack on Prospect Medical Holdings, a US hospital chain, in August.
