If you keep up with the latest ransomware news, or if you’re interested in any of the 170 million items that the British Library holds, you may have heard about the ransomware attack it suffered in 2023. This hugely impactful attack, which the library is still recovering from, serves as a hugely important reminder of the damage ransomware can do.
The British Library has now published a report covering the incident, helping us understand what happened, and the consequences. In this article, I’ll explore what we can learn from the ransomware attack against the British Library.
What happened during the cyber attack against the British Library?
The ransomware attack against the British Library was discovered on October 28, 2023, after a member of the Library’s Technology Team was unable to access its network. However, a forensic investigation conducted after the attack revealed that the attackers likely gained access to the Library’s network at least three days before the attack.
During the cybersecurity incident, cyber criminals exfiltrated around 600 GB of files, including personal information belonging to both staff and library users. This data was later posted on the dark web after the British Library refused to pay a ransom. They also destroyed some of the British Library’s servers to cover their tracks and obfuscate how they gained access, meaning the library is now rebuilding its infrastructure in order to restore its digital collection. Thankfully, the library has secure copies of all its content, both digital and digitized.
What can we learn from the British Library cyber attack?
Even though the British Library’s cyber defenses were, according to its report on the attack, “extensive and had been accredited and stress-tested”, the organization admits that, following the attack, there is “much [it] wish[es] [it] had understood better or had prioritized differently”. This demonstrates why it's important not just to have security measures in place, even if they are tested and accredited. The unfortunate reality is that cyber attacks methods are constantly evolving, and so should defenses against them.
Additionally, the fact that the British Library’s main recovery issue is infrastructure rather than data is a huge testament to the importance of secure backups, especially since it is only thanks to these failsafes that this content was not lost during the cyber attack. If these backups didn’t exist, the sheer amount of data lost would be incomparable—a modern-day version of the burning of the Library of Alexandria.
How to spot a ransomware phishing email
While the method of infiltration has not been made public, this ransomware attack serves as a reminder to be wary of any messages or emails that ask you to download files—even if you think they’re from a trusted source. Cyber criminals pose as trusted sources to spread malware, as they know people are more likely to click a link or download files if they believe it is from some they trust, like a friend, family member, coworker or even their boss. When in doubt, check the sender’s contact information against the contact information you already have for them—if it’s not a match, there’s a chance it's a malicious request.
Also, be wary of any language that attempts to create an emotional response in you that would make you download/click anything in a hurry. This is a psychological tactic called social engineering, and bad actors creating a false sense of urgency to pressure you into not think things through. If you notice a message is attempting to hurry you into a decision, take a breath and a closer look at the message, its contents, and the sender’s information. Cyber criminals will hope you won’t do your due diligence, so there will likely be signs that the message is less than legit.
