British Library website offline after ransomware hack

Originally published at: British Library website offline after ransomware hack - Boing Boing

…

So does that mean they didn’t pay the ransom? Or did they pay, and the attackers just fucked everything up anyway? Because the preferred response to these attacks, believe it or not, is to pay the ransom, and then make sure all your shit is better protected.

Which is why this plan is such utter idiocy:

Semi-related - I wanted to buy some Mylar for my large art books and this AMAZING giant book I got on vintage Kenner Star Wars figures, as well as these two 1940s newspaper comic strips from France I have that I think I figured out a way to protect in Mylar. (It was called Hurrah, and the reason I got them was it is the first appearance of Judex, which was a silent film character in France, but they took the US Shadow comic strip, and just renamed the characters (as well as edit some art. They paper was continued post invasion, with two different versions, one made Paris, and one in Vichy France.)

Anyway, Brodart is my go to place for archival quality supplies and their site is down! Hacked or ransomware, the site is still down and you have to call in orders like a cave man! And the shipping times etc are horrible now. I feel so bad for them, but their IT dept should be fired for not backing everything up.

Same thing happened to Toronto Public Library about 3 months ago; they didn’t pay the ransom. They are still down. TPL is one of the largest public library systems in the world.

Try Carr McLean or Gaylord for archival supplies if Brodart is down.

Oh, I forgot to say, every other month or so, I get some fishy ass email and it is the IT department trying to trick me to click on a bad link. They haven’t gotten me yet, although there was ONE email that actually used the program we use for job tickets etc and it almost got me. It was out of the ordinary though, so I did over over links etc and finally went, “Hrm, I don’t think this is real.”

I might do that next time, but I already put in my order - LIKE A CAVEMAN - via phone.

They messed up my card info it sounds like, making my order delayed. Hopefully it is on its way now?

Off-topic: Judex! I loved the 1938 film. That party scene with the bird heads…

As a heavy TPL user, I’m both frustrated and angry. At least many of their online services are accessible.

Apparently the London Ontario library has also been a ransomware victim.

Libraries are typically underfunded; I know TPL is, so there is actually no money to pay any ransom. Budgets have not been huge over the last few years, and there have been deep cuts, and there will continue to be deep cuts.

I know of it, and I do want to watch it. I heard it is a really good silent era film.

“It’s because they got cybered”

Today’s work e-mail brought a thought-provoking statement: “Breaches are inevitable. To win the war against ransomware, resilience must be prioritized over defense.”

Analysts are coming around to this way of thinking and all IT organizations have to adjust to this reality. Large and small institutions that haven’t made the investments yet will suffer the worst.

Who the hell tries to rob a library?

Hackers who assumed that the British Library, being a national-level public institution in a wealthy first world country, would be able to pay the ransom.

With all of the fat corporate targets out there that are laser-focused on making as much money as possible whenever possible, as opposed to government institutions on a strict budget who will basically say, “Well shit now we’ll need to rebuild so we can provide services again,” I think that the answer is: stupid people.

The fat corporate cats can also afford to back up anything and everything offsite in airgapped storage, so when cyberrobbers hit them, they can scrub and reboot quickly with minimal impact, no problem. If something like that happened to us, it would be months before we got computerized again. We can’t afford anything better.

So again, libraries seem like weird targets for ransomware attacks.

Look, I’m no expert on cybering, or getting-cybered avoidance. To me, there’s just an incongruity in imagining someone out there developing these attacks and thinking about who they should spend their efforts on to make some money and coming up with “libraries.” But I’m not in the know and very much just being an armchair cyber quarterback here.

It seems like attacking libraries with ransomware isn’t paying off, which is good. I love libraries.

Low hanging fruit, or maybe proof-of-concept before they go big.