The ransomware threat to libraries, Part 1: A true story

The first frame is the pop-up you see if you are under attack by Locky Ransomware. The second frame contains ransom instructions. Screen grabs courtesy of NakedSecurity (Sophos) and MalwareBytes

The following story is true. It is based on an interview with an IT professional who provides pro bono support to libraries. Names have been intentionally omitted to preserve anonymity.

The Ransomware Attack

“I got a call from the library's executive director, telling me a terrible story about ransomware. Their library had an attack come through the fax line which was hooked up to their network but lacked a sufficient firewall. The ransomware took out their small business server as well as the server that held ResourceMate, the system the library used for their catalog. They have no in-house IT support, and work with a third-party IT vendor on technical matters.

"The library refused to pay the ransom. They contacted their IT partners, who were able to retrieve and restore the small business server because the library had that on backup (actually, redundant backups). They were not able to retrieve ResourceMate, because they lacked a recent working backup."

Scope of the Damage

“The entire catalog was lost. It wasn’t a huge library (it held roughly 3,000 items), but their catalog was unique. In addition to reference books, they also had artist books, broadsides, prints, rubber stamps, and type, all of which require extra cataloging detail (provenance, medium, collection) as if you were a museum cataloging a piece of art. They lost it all.

"The director reached out to me, asking what they could do. They had hard copies (printouts), so copy cataloging could be done from those, but much of the catalog would require original cataloging. The organization did not have assistance from academically trained librarians when they initially set up their catalog, so their staff did not know about Authority Records, MARC, or Dublin Core."

The good news was that the library was now perfectly positioned to create a catalog that meets professional standards.

Stability & Security Going Forward

“I told them, as a non-profit, they needed to go with an open-source solution. We did a comparative analysis of some open-source solutions, integrated library systems (ILS), and they decided on Evergreen. Evergreen is a stable platform. They use Evergreen in the East Central Library Consortium, the Lake Agassiz Regional Library, and many others across the state. I test-drove them all, and Evergreen will serve this library’s needs.

“Because this is a non-profit, the funding comes from many places. They were able to obtain funds for restoration through a memorial donation and grants. There was enough money to purchase the ILS, engage a third-party vendor to do the installation, and hire some cataloging support.

"They went with an Amazon Web Services (AWS) self-hosted cloud server moving forward because AWS will provide improved security as well as the ability for the library to grow as needed. I wanted to move them away from on-premises solutions. I didn’t want another ransomware situation coming our way! AWS has levels of security we could never build in-house.

"By the time the library had lost the collection data, identified and found funding, determined a course of action, and evaluated and chosen a new system, an entire year had gone by. Our goal now is to get the majority of the collection re-cataloged within another year."

How to Protect Your Library

One ransomware attack, two years to recover. Continue on to Part II to learn how to protect your library from a ransomware attack.