Even public libraries aren’t safe from ransomware, as Canada’s biggest is hit
The Toronto Public Library (TPL) was hit by ransomware late last month, crippling parts of the network and shutting down some services.
In an announcement published on a temporary website hosted on Typepad (as the tpl.ca site was offline at the time), the organization confirmed the attack and said it will likely take a few days before things get back to normal:
“TPL has proactively prepared for cybersecurity issues and has taken immediate steps to mitigate the potential impacts,” the statement read. “We have engaged external cybersecurity experts to assist us in resolving this situation. However, we expect it may take several days for all systems to be fully restored to normal operations.”
Limited effect on email
BleepingComputer reports that the ransomware attack, in addition to temporarily shutting down the tpl.ca website, prevented people from accessing their online accounts and caused disruptions to tpl:map cards and digital debit services. In addition, public computers and printing services were also no longer available.
The good news is that phones were not affected and the attack had a limited effect on email: those who were logged into their Office 365 accounts at the time of the attack remained logged in. Everyone else was left out.
As a precaution, TPL has shut down all other systems. There were no indications at the time that any personal information had been stolen. However, a source told BleepingComputer that TPL’s main servers were not encrypted.
The publication also obtained a screenshot of the ransom note, which apparently came from Black Basta. We don’t know how much money the operators are asking for in exchange for the decryption key (and possibly keeping sensitive data hidden). TPL is Canada’s largest public library with an annual budget of more than $200 million.
Black Basta was first spotted in April last year and has since grown into one of the largest and most dangerous ransomware operators out there.