November 29, 2023 at 07:38AM
The Rhysida ransomware group has released data purportedly stolen from the British Library, totaling 573GB. The library confirmed the breach, urging password changes. Services are disrupted, with recovery expected to take months. Rhysida initially auctioned the data for 20 Bitcoin, and experts stress the seriousness of such cyberattacks and their consequences.
Meeting Takeaways:
1. The Rhysida ransomware group has released much of the data it claimed to have stolen from the British Library during the cyberattack that was disclosed a month prior.
2. The released data appears to be substantial according to Troy Hunt, creator of Have I Been Pwned? Despite The Register not examining the data, leaked file trees suggested the compromised information is from various library departments.
3. Rhysida’s website lists 490,191 files in the leak, totaling 573 GB. An initial auction for the stolen data started at 20 Bitcoin, valued at approximately $760,000.
4. The leak is reported to be 90% published, with an indication that some data were not sold and hence uploaded for “data hunters.”
5. Richard Cassidy of Rubrik emphasized that ransomware groups are sophisticated market actors, often engaging in double extortion for high return on investment.
6. The British Library confirmed the theft of data on its website, advised customers to change reused passwords, and projected ongoing operational disruptions for several months due to major technology outages impacting several services.
7. Customer names, email addresses, and potentially postal addresses or phone numbers may have been accessed from the library’s CRM databases, though no financial information is thought to be at risk due to secure third-party payment handling.
8. The library is coordinating with cybersecurity specialists for investigation and remediation and has published a status update on available services on its blog, noting that Wi-Fi and card payment terminals have been restored.
9. Jake Moore from ESET highlights the incident’s importance for continuous cybersecurity improvement, underlining the struggle organizations face post-attack and the permanence of data leakage on the dark web.
10. The British Library is engaging with authorities and informing affected individuals of best practices moving forward, hoping this incident prompts other organizations to bolster their cyber defenses.
The organization has apologized to its customers for the incident and continues to disclose relevant information as the situation evolves.