Ransomware attack suspected in Calgary Public Library cybersecurity incident
Monitoring systems blocked ransomware attack, officials say
The Calgary Public Library says its teams have confirmed last week's cybersecurity incident was the result of an attempted ransomware attack.
"As of today we can confirm our cybersecurity team suspects that this was an attempted ransomware attack that our monitoring systems blocked," it said in a statement Friday.
"As part of our containment protocols, we proactively shut down all servers and systems. The Library has not been in communication with any threat agents."
On Oct. 11, a cyberattack forced the closure of all 22 of its physical public library locations across the city.
Those locations did not reopen until Wednesday of this week, but are still providing modified services as the organization continues to experience disruptions because of what the library called a "detected cybersecurity breach."
Patrons currently have access to library spaces and services that do not require technology.
'Libraries are a rich target'
Ritesh Kotak is a Toronto-based cybersecurity and technology analyst who has been following the news out of Calgary. Kotak says there's no typical timeline for how long it could take to safely restore all operations.
"It comes down to the complexity and just the volume of systems that are involved.… It just takes a while if you want to be thorough," he told CBC News on Friday.
He said securing the system isn't a simple set of procedures and every system is different.
"It seems that the Calgary Public Library had the right protocols in place and they did everything right."
As for what information was accessed, the Calgary Public Library said it is still investigating the incident and working to determine if any employee or membership data was impacted.
Kotak said a ransomware attack is usually when a system becomes infected with a malicious software, most commonly resulting from suspicious email links, and the goal is typically to extort the victim into paying a large sum of money to hackers in order to retrieve the data they lost.
"Libraries are a rich target, and the reason that they're rich target is because they hold a lot of data," said Kotak.
"When you start getting people's names, addresses, phone numbers, email addresses, potential payment information, you're able to take that data and that has monetary value to hackers and fraudsters."
He said this data can then be used for crimes like identity theft or other ways hackers wish to exploit data for monetary gain.
"Think about all the times we hear about hacks and breaches," he said.
"If you take the information from the from the public library, and then you mirror that with information taken from other hacks and you correlate that information, it paints a pretty intrusive picture about an individual."
The library says it will keep the public updated as more information becomes available, including reporting any impacts to privacy.