Ransomware hits the Seattle Public Library

Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data, and then demands a payment to unlock and decrypt the data. It follows this general flow:

• A virus makes its way onto a company’s or a personal computer system, often through the brute force technique known as phishing. It may sit dormant for weeks or months, replicating across the system, until it is activated.
• Once activated, it blocks access to data or programs, usually through sophisticated encryption. A ransom demand is left on the system in the form of an instruction file demanding a payment, usually through cryptocurrency like Bitcoin which offers a high degree of anonymity.
• If the payment is made, the hacker will then provide the key to decrypt the data and programs. Alternatively, the victim may decide to rebuild / restore their system without paying the ransom.

These steps may occur over weeks or months. Paying a ransom is no guarantee the ransomware actor will follow through with the decryption step.

Previously ransomware was initiated by sophisticated computer hackers, often based in Eastern Europe or Russia, including some with political ties. However as the technique becomes more widespread the necessary software becomes more available on the Dark Web and it opens the door to less sophisticated ransomware actors. There are even ransomware-as-a-service RAAS providers like Lockbit.

The three key components of a ransomware attack: phishing; encryption; and Bitcoin transfers, are all well understood in today’s world.

Although hampered by companies’ reluctance to go public about ransomware attacks, the US Cyber Security agency estimated 4500 ransomware attacks in 2023. A private company, Marsh,estimates that around 40% of companies pay the ransom and that number is decreasing. However the amount of ransom is increasing, to a median amount of $6.5 million in 2023. It’s estimated that as few as 5% of cybercriminals are apprehended for their crimes.

Ransomware is a low risk crime with the potential for a huge payday.

The Seattle library ransomware attack was initiated on May 21st. As of today the system is still signficantly crippled:

• No access to their online system (either by consumers or employees). So you can check out physical books by going to a library but they are currently just recording your card manually. Self checkout is estimated to return in late July.
• Ebook access is only through third party vendors.
• You can’t reserve books. This support is estimated for late August.
• They are asking consumers to not return books until the online system is up. This is why the library shelves are getting more and more bare: people can still check out books but can’t check them back in.

Library expenses have skyrocketed due to the high cost of ebooks.

Not only are ebooks almost 250% more expensive than physical books, the lifetime of a physical library book is 5 to ten years on average while libraries are often contractually obligated to “repurchase” an ebook after two years. It’s kind of counterintuitive but ebooks cost more and last for a shorter time.

If you’re the type of library user that prefers ebooks, you might want to consider a donation to your local library to help with these extra costs.