Ransomware attack suspected in cybersecurity incident at Calgary Public Library

The Calgary Public Library says its teams have confirmed that last week’s cybersecurity incident was the result of an attempted ransomware attack.

“As of today, we can confirm that our cybersecurity team suspects this is an attempted ransomware attack that our monitoring systems blocked,” it said in a statement on Friday.

“As part of our containment protocols, we have proactively shut down all servers and systems. The Library has not been in communication with any threat actors.”

On October 11, a cyber attack forced the closure of all 22 physical public libraries across the city.

These locations did not reopen until Wednesday of this week, but are still providing modified services as the organization continues to face disruptions due to what the library called a “detected cybersecurity breach.”

Currently, users have access to library spaces and services that do not require technology.

‘Libraries are a rich target’

Ritesh Kotak is a Toronto-based cybersecurity and technology analyst who has been following the news out of Calgary. Kotak says there is no typical timeline for how long it will take to safely restore full operations.

“It all comes down to the complexity and the volume of systems involved. … It just takes a while if you want to be thorough,” he told CBC News on Friday.

He said securing the system is not a simple set of procedures and each system is different.

“It appears the Calgary Public Library had the correct protocols in place and did everything right.”

As for the information accessed, the Calgary Public Library said it is still investigating the incident and working to determine if any employee or member data was affected.

Kotak said a ransomware attack typically occurs when a system is infected with malicious software, usually resulting from suspicious email links, and the goal is typically to extort the victim into paying a large sum of money to hackers to recover the data they lost.

“Libraries are a rich target, and the reason they are a rich target is because they contain a lot of data,” Kotak said.

“When you start getting names, addresses, phone numbers, email addresses and potential payment information from people, you can take that data and it has monetary value to hackers and fraudsters.”

He said this data could then be used for crimes such as identity theft or other ways hackers want to exploit the data for monetary gain.

“Think about all the times we hear about hacks and breaches,” he said.

“If you take information from the public library and then mirror that with information taken from other hacks and correlate that information, it paints a pretty intrusive picture about an individual.”

The library says it will keep the public updated as more information becomes available, including reports of any privacy impacts.