Even public libraries aren't safe from ransomware, as Canada's biggest is hit

News
By
published

Black Basta strikes again

Ransomware
Image Credit: Shutterstock (Image credit: Shutterstock)

The Toronto Public Library (TPL) was hit with ransomware late last month, which paralyzed parts of its network and shut down some services.

In an announcement published on a temporary website hosted on Typepad (as the tpl.ca site was offline at the time), the organization confirmed the attack, saying it will probably take a few days before everything’s back to normal:

"TPL has proactively prepared for cybersecurity issues and promptly initiated measures to mitigate potential impacts," the notice reads. "We have engaged with third-party cybersecurity experts to help us in resolving this situation. We do anticipate though that it may take several days before all systems are fully restored to normal operations."

Limited effect on email

BleepingComputer reports that besides the temporary shutdown of the tpl.ca website, the ransomware attack prevented people from accessing their online accounts, and caused outages in the tpl:map passes and digital collection services. What’s more, public computers and printing services were also rendered unavailable.

The good news is that phones were not impacted, and the attack had limited effect on email: those who were logged into their Office 365 accounts at the time of the attack remained logged in. Everyone else got locked out. 

TPL shut down all remaining systems as a precaution. At the time, there was no evidence of personal information being stolen. However, a source told BleepingComputer that TPL’s main servers weren’t encrypted. 

The publication also obtained a screenshot of the ransom note, which apparently came from Black Basta. We don’t know how much money the operators are asking for in exchange for the decryption key (and possibly keeping sensitive data hidden). TPL is Canada’s largest public library with a $200+ million annual budget. 

Black Basta was first seen in April last year, and has since then grown to become one of the biggest and most dangerous ransomware operators out there. 

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.