St. Louis Public Libraries Hit with Ransomware
“Having fun isn’t hard when you have your library card,” sang the animated TV character Arthur, but children in St. Louis, Missouri are unable to use their cards as the city’s libraries are crippled by a vicious computer virus. Public libraries across St. Louis have been infected with ransomware, a type of computer virus which encrypts vital files and demands a ransom to be paid to the attackers in order to regain access. The ransomware has infected 700 computers in the city’s 16 public libraries, freezing all affected computers, destroying the employee email system and disabling the checkout system for the library’s 4 million books, magazines and videos.
Attackers are demanding a ransom of $35,000 to restore access to the system but the public library administrators have refused to pay the ransom. Instead, they have deleted the contents of their computer systems and will attempt to restore them on disinfected machines, a solution which may take weeks, if not longer. The Guardian reports that the library system’s computers were infected through a centralized computer server and that the FBI has been called in to investigate.
In a statement to CNN, library spokesperson Jen Hatton said that the city’s school children and poor residents will be most affected by the attack: "For many of our patrons, we're their only access to the internet," Hatton said. "This is their only access to a computer. Some of them have a smartphone, but they don't have a data plan. They come in and use the WiFi."
Last year, ransomware became a prominent topic in computer security after a number of high profile hacks affecting the public and private sector. According to the FBI, cybercriminals collected over $200 million in ransom from such attacks in the first three months of 2016. The St. Louis Pubic Library hack follows a trend of cybercriminals attacking public institutions for ransom, including several ransomware attacks against hospitals and police departments in the last year. Earlier this month, LA Valley College paid $28,000 to ransomware attackers.