Major Library Hit By Ransomware

John Lister's picture

One of the world's largest libraries has been hit by a major ransomware attack. It's an example of an increasingly common "double-dip" attack.

The attackers have not simply encrypted the British Library's files until they receive a payment, which is the usual core ransomware goal. Instead, they are threatening to auction off sensitive employee data seized in the attack.

The library has an estimated collection of up to 200 million items, including a copy of every book published in the United Kingdom. It's also a key research facility for historians. Among other systems, the library has an extensive electronic database of its collection. The attack means its now almost impossible for users to access items other than a small collection held on open display.

HR Data Stolen

While the ransomware attack appears to have been kept quiet for some time, the library has now confirmed that "[they are] continuing to experience a major technology outage as a result of a cyber-attack, affecting [their] website, online systems and services, and some onsite services too. [The library anticipates] restoring many services in the next few weeks, but some disruption may persist for longer." (Source:

The library has also confirmed that some leaked data appears to be from internal human resources files. That follows a ransomware group called Rhysidia claiming to be behind the attack and offering an online auction for stolen employee data.

The group has shared a few examples of what it claims are documents stolen in the attack, including documents from HMRC (the British equivalent of the IRS) and scans of passports. It says the winners of the auction will get exclusive access to the documents, though it's not as if any buyer would be able to claim a breach of contract if the scammers went back on their word. (Source:

Scammers Cashing In

The potential value to attackers of the documents, for example in allowing large scale identity theft, is reflected in the starting price for the auction. It's 20 units of the cryptocurrency Bitcoin, worth around $750,000.

There's no public word yet of how much the scammers are demanding in a ransom from the library or whether officials have engaged in any negotiation.

What's Your Opinion?

Should the library pay a ransom? Are you surprised a single attack seems to have compromised so many elements of its computer systems? Do you think anyone will buy the stolen data?

Rate this article: 
Average: 5 (5 votes)


ronangel1's picture

The way I think to do this is to make the personal data too hot to handle. As it has been taken from the British government it could be a sort of treason, or whatever the law says.
Any person found in possession or handling the data regardless of how they came about it or its source will be prosecuted to the full extent of the law as with spies,long prison sentences no exceptions. If the person is not a British national and in the UK deported to their country of origin immediately after the sentence served with no right of appeal.
This information should be made widely known in the media and on the internet.
There will be no buyers, and information deleted as the risk of being caught with it will be too great!