It has been established that the British Library suffered a cyber attack in October, resulting in the leakage of employee data.
The incident on 31 October triggered the library website to be offline for approximately four weeks.
The Rhysida ransomware group asserts that they are responsible for the attack, and declare that they are going to put the stolen data up for auction.
The cyber gang has indicated that the cost of the data, inclusive of passport scans, is 20 Bitcoin (£596,459).
The British Library -- the UK's largest library -- took to X, declaring: "It was established last week that this was a cyberattack of the ransomware variety, and we now know that some information was disclosed. This is believed to be originating from our personnel records."
It noted, though, that there was no confirmation that the data being put up for sale is related to British Library employees, and that there was "no evidence" that any user information had been compromised.
A spokesperson from the National Cyber Security Centre (NCSC) declared that they were in the process of working with the library to comprehend the complete effect of the occurrence.
The UK's key cyber threat is ransomware, so it is recommended that all organisations take immediate action to secure their networks by following the guidance for robust defences.
Monday witnessed the Rhysida ransomware group proclaiming its responsibility for the attack and uploading an image, containing an assortment of documents - some of which look like HMRC employment contracts and passports - to its dark web leak site.
The accuracy of the data has not been confirmed by the BBC.
The hackers declared that an auction of "unique, striking and one of a kind data" would terminate shortly before 0800 GMT on 27 November, with a single person being the only one to scoop the prize.
On 15 November, the Federal Bureau of Investigation and the United States Cybersecurity & Infrastructure Security Agency issued an alert concerning the danger that Rhysida poses.
The joint statement noted that threat actors who utilise Rhysida ransomware have a history of attacking targets of convenience, including those in the education, healthcare, manufacturing, information technology, and public sector industries.
The people in the group have also been responsible for assaults on the Chilean military, Gondomar in Portugal, and the University of West of Scotland.
Joe Tidy, BBC's Cyber Correspondent
Regrettably, ransomware attacks of this type are quite commonplace with groups such as Rhysida managing to pilfer extensive amounts of info from institutions and causing major disruptions in their operations on a daily basis.
According to the guidance of police forces all over the world, it is strongly recommended not to remunerate the perpetrators of such offenses as it reinforces their operation, however, unfortunately, quite a few sufferers pay up to conceal the situation or get back to daily life quickly.
It is improbable that the British Library, as a public institution, will meet the cyber criminals' expectations, so Rhysida is left with an abundance of stolen data they must capitalize on right away before seeking out another target.
It looks like the timer on their darknet leak site is going to reach zero in six days' time, when the stolen information will either be provided at no charge or wiped out.
The employees who are in danger of identity fraud are facing a worrying situation, yet it could have been much worse if the hackers had managed to get to the bigger information or larger data collections maintained by the British Library.
A statement released by the library, known for having one of the greatest stockpiles of books on the planet, stated that they expect that a majority of their services will return within the upcoming weeks, though a few services may possibly remain affected for a longer period of time. The attack has had an effect on their webpage, digital systems, and book ordering services.
This statement was added: It is advisable for those who have a British Library login to update their password if it is used elsewhere.
We have implemented specific precautionary steps to guarantee the solidity of our systems and we are carrying on with our investigation of the assault with the aid of NCSC [National Cyber Security Centre], the Metropolitan Police, and IT security professionals.
コメント