The Toronto Public Library (TPL) was hit with ransomware late last month, which paralyzed parts of its network and shut down some services.
In an announcement published on a temporary website hosted on Typepad (as the tpl.ca site was offline at the time), the organization confirmed the attack, saying it will probably take a few days before everything’s back to normal:
“TPL has proactively prepared for cybersecurity issues and promptly initiated measures to mitigate potential impacts,” the notice reads. “We have engaged with third-party cybersecurity experts to help us in resolving this situation. We do anticipate though that it may take several days before all systems are fully restored to normal operations.”
Limited effect on email
BleepingComputer reports that besides the temporary shutdown of the tpl.ca website, the ransomware attack prevented people from accessing their online accounts, and caused outages in the tpl:map passes and digital collection services. What’s more, public computers and printing services were also rendered unavailable.
The good news is that phones were not impacted, and the attack had a limited effect on email: those who were logged into their Office 365 accounts at the time of the attack remained logged in. Everyone else got locked out.
TPL shut down all remaining systems as a precaution. At the time, there was no evidence of personal information being stolen. However, a source told BleepingComputer that TPL’s main servers weren’t encrypted.
The publication also obtained a screenshot of the ransom note, which apparently came from Black Basta. We don’t know how much money the operators are asking for in exchange for the decryption key (and possibly for keeping sensitive data hidden). TPL is Canada’s largest public library with a $200+ million annual budget.
Black Basta was first seen in April last year and has since grown to become one of the biggest and most dangerous ransomware operators out there.