Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ransomware Infects All St Louis Public Library Computers (theguardian.com)

Posted by BeauHD on from the rendered-useless dept.

An anonymous reader quotes a report from The Guardian: Libraries in St Louis have been bought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims. Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines. As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks. On Friday, St Louis public library announced it had managed to regain control of its servers, with tech staff continuing to work to restore borrowing services. The 16 libraries have all remained open, but computers continue to be off limits to the public. Spokeswoman Jen Hatton told CNN that the attack had hit the city's schoolchildren and its poor worst, as many do not have access to the internet at home. "For many [...] we're their only access to the internet," she said. "Some of them have a smartphone, but they don't have a data plan. They come in and use the wifi." As well as causing the loans system to seize up, preventing borrowers from checking out or returning books, the attack froze all computers, leaving no one able to access the four million items that should be available through the service. The system is believed to have been infected through a centralized computer server, and staff emails have also been frozen by the virus. The FBI has been called in to investigate.

7 of 163 comments (clear)

  1. Reading between the lines... by grasshoppa · · Score: 4, Informative

    ...sounds like they have valid backups, so this should be considered a "success" story more than anything else.

    Still, I do wonder if the admins were practicing valid security, how anything could have infected the entire system.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:Reading between the lines... by Rick+Schumann · · Score: 4, Insightful

      Being a public library, it's not like they have to have backups for every single computer either. Most if not all of their workstations, including especially the ones intended for public access, would just be paved over with a standard image, and pretty much also for employee workstations. Only their server(s) would really be affected, right? So long as they have backup(s) they'd be fine.

    2. Re:Reading between the lines... by Anonymous Coward · · Score: 5, Insightful

      My bet is they are well accustomed to re-imaging the public facing computers.

  2. Surely an inadvertent target by edtice1559 · · Score: 4, Informative

    If they are just machines for public web browsing, there i3s no data to ransom. Just reinitialize them. Firefox works great on Linux BTW and you have a much smaller attack surface.

    1. Re:Surely an inadvertent target by techno-vampire · · Score: 4, Interesting

      I'll go one further: have it run off of a Live USB that's mounted inside the box where the users can't get at it and no persistent storage. That way, even they leave personal data behind, it goes away at reboot. Not only that, but if you set it up in kiosk mode, with Firefox opening at boot, they'll never even know they're using Linux.

      --
      Good, inexpensive web hosting
  3. I'm Angry by DaMattster · · Score: 4, Interesting

    It takes a special kind of asshole to attack a library; a place where people go to learn and access the internet. Why go after one of the poorest resources and attack those that have the least to give? Go after the fucking fortune 500 companies but not a fucking library. One only hopes that anonymous could turn the tables on these slimy thieves.

  4. Re: Why do people keep using Windows? by TWX · · Score: 4, Insightful

    That's not really it at all.

    Decision-makers at the top of organizations love Windows. They love Microsoft. They love all of the pretty graphs and charts and menus that make it look easy to administer a system or network. The problem is, they often start to think that they actually know how to do just that once they've been through the marketing experience meetings where the people from the vendor with a lot of knowledge make it look so simple, or else they hire people that do a very convincing job of sounding like they know what they're doing but don't. Worst, those people (either the bosses or the ignorant hirees) may be convinced that they know what they're doing far beyond reality.

    Now, I will give it this much, sometimes the GUI tools can be useful. It's much easier to plot how network traffic is being passed among multiple interfaces to the WAN or to the ISP across multiple NAT firewalls with a GUI graph than it is on a text console. On the other hand, actually figuring out what's going on is often a function of the console, rather than of the GUI.

    --
    Do not look into laser with remaining eye.