clrcrmck
British Library ransomware attack could cost up to £7m
The cost of recovering the British Library’s ransomware-stricken IT systems could be up to £7m, it has emerged
The cost of rebuilding the British Library’s systems following the October Rhysida ransomware attack is likely to hit between £6m and £7m, dwarfing the £650,000 ransom demand and burning through approximately 40% of the organisation’s unallocated cash reserves.
According to the Financial Times, the British Library is liaising with the Department for Culture, Media and Sport (DCMS), the government department to which it ultimately reports, but has not officially asked for financial assistance.
The newspaper claimed that a DCMS insider had told it that the institution – which holds hundreds of millions of works – would be expected to draw on its own financial reserves.
“The final costs of recovering from the recent cyber attack are still not confirmed. The British Library and its government sponsor, DCMS, remain in close and regular contact,” said a British Library spokesperson.
“The library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage,” they said.
The attack, which unfolded at the end of October 2023, saw the British Library’s website, online systems and services and on-site services knocked offline, causing widespread operational disruption.
It was confirmed to be a ransomware attack in mid-November, and a few days later, the emergent Rhysida ransomware group claimed responsibility and leaked some of the organisation’s internal human resources documents and threatening to auction more data.
The scope of the breach affecting the British Library subsequently widened, and the organisation confirmed at the end of November that the data stolen – which totalled 573GB comprising almost 500,000 files – did include the personal information of readers and visitors.
Writing in December, the library’s chief executive Roly Keating said: “Although this kind of attack was something we had prepared for and rehearsed, and had taken steps to guard against, it was no less of a shock when it happened.
“It is our purpose to provide access to a collection of 170 million items – open to all and free at the point of use, for research, inspiration and enjoyment – and we found ourselves, that first weekend, at the receiving end of a smash-and-grab operation, and a crude attempt at extortion.
“The people responsible for this cyber attack stand against everything that libraries represent: openness, empowerment, and access to knowledge,” said Keating.
As the disruption continues into 2024, its effects are now also beginning to impact wider life in the UK, with academics and researchers unable to complete aspects of their work such as grant applications, and authors left out of pocket thanks to the forced suspension of public lending right (PLR) payments.
PLR payments are the funds – measured in pennies up to a maximum value of £6,600 – paid out to authors when their works are borrowed from any library in the UK. The scheme distributed more than £6m in 2023 to thousands of authors across the country.
Speaking to the Observer, Society of Authors chair Joanne Harris described the PLR as a “welcome annual windfall” and a “tangible piece of validation” for authors whose works do not hit the bestseller lists or are otherwise out of the public eye.
Author Damian Barr added that the PLR scheme made a “big difference” to writers, particularly in the face of declining advances and cash-strapped publishers.
Computer Weekly coverage of the British Library attack
- 31 October: The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature.
- 16 November: The British Library has provided an update on an ongoing cyber incident affecting its systems, confirming it to be the result of a ransomware attack.
- 21 November: Ransomware group Rhysida threatens to sell documents stolen from the British Library to the highest bidder.
- 28 November: Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again.
- 30 October: The Rhysida ransomware gang behind the cyber attack on the British Library has published almost 600GB of stolen data to its dark web leak site.