On Oct. 28, the British Library went dark. Visitors lost access to the library’s online catalog, which allows users to search and order items from the institution’s underground repositories. With over 170 million items, the British Library currently holds Europe’s largest collection of written material and is the second-largest library in the world. The Electronic Legal Deposit system, which allows users to read digital copies of every work published in the United Kingdom and Ireland, also became inaccessible. At the library’s main site in central London, staff members discovered that its Wi-Fi services, electronic payment system and even phone lines had all been remotely deactivated.
On Oct. 31, the British Library acknowledged that it was experiencing “a major technology outage” as the result of a cybersecurity incident. Two weeks later, on Nov. 20, the library confirmed that it had been the victim of a ransomware attack. Exploiting a weakness in the library’s cybersecurity, hackers from the cybercrime group Rhysida installed software that encrypted library data and prevented users from accessing digital services. The group also scraped personal information from the library’s human resources database, holding an auction in between Nov. 20 and Nov. 27 to sell a collection of what it called “unique and impressive data” to the highest bidder.
Since 2019, many ransomware groups have been engaging in so-called double extortion, by which they demand that organizations to pay a ransom to access their data while simultaneously threatening to sell the data to third parties. However, paying the ransom does not guarantee that the stolen data won’t also be sold or otherwise exploited. Last September, the Seattle-based moving company Dolly allegedly paid an undisclosed sum to a cybercrime group for the return of its encrypted data, but later found the ransomed files on a prominent cybercrime forum.