News: 1727285414

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

RansomHub genius tries to put the squeeze on Delaware Libraries

(2024/09/25)


Despite being top of the ransomware tree at the moment, RansomHub – specifically, one of its affiliates – clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million.

Public libraries are a core facility of any town or city and the pillars of society, supporting the community through various means, yet they're notoriously underfunded, raising the question of why they'd be targeted.

RansomHub hits 210 victims in just 6 months [1]READ MORE

Regardless, targeted they were – all across the state of Delaware. Delaware Libraries oversees 35 sites across the state, many of which are battling IT issues caused by a ransomware attack that has forced computer labs to shut.

The Georgetown Public Library replied to a social media post on Tuesday asking visitors to call before arriving, adding that the site had no printing, internet, or computer services available.

Several others across the state have warned that their phone services may also be "intermittently disrupted," while others such as the Rehoboth Beach Public Library said its phones are completely down, as are its scanning and faxing services.

[2]

A statement posted to its website attributes the ongoing issues to "an extended system/internet outage." However, the organization confirmed to The Register that ransomware is the cause.

[3]

[4]

"There has been a ransomware attack on one of the virtual servers," a spokesperson at Rehoboth Beach Public Library told us. "Internet connections have been affected at the public libraries in the state. There is an ongoing, active investigation of the outage and temporary solutions are in place to provide traditional library services."

Delaware Libraries' website also states that some sites across the state are shut as a result, and it hasn't determined how long it will take to restore its services.

[5]

RansomHub claims to have stolen a bunch of documents from Delaware Libraries, leaking what appears to be a small number of financial documents from previous years.

A screenshot of a single folder shows it contains more than 80,000 files totaling 56 GB, created on September 20, the day before the organization confirmed the IT issues.

The RansomHub blog post that allegedly leaked Delaware Libraries' data mentioned the Delaware Library for the Blind and Physically Handicapped specifically – the old name of what's now known as Delaware Library Access Services. It's unclear if this was the intended target of the attack, whether the criminals just mentioned it for effect, or for another reason.

[6]Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data

[7]RansomHub hits 210 victims in just 6 months

[8]RansomHub-linked EDR-killing malware spotted in the wild

[9]British Library's candid ransomware comms driven by 'emotional intelligence'

The prolific ransomware group, which hit [10]more than 200 organizations in six months , made no claims regarding the theft of any other kinds of sensitive or personal data, suggesting it may not have the deep level of access it usually enjoys.

That suggestion is supported by the words of Annie Norman, state librarian of Delaware and director at the Delaware Division of Libraries.

[11]

Speaking to local media, she [12]said : "The good news is – thank God there's some good news – it's not affecting the catalog, which is where there's patron information."

The libraries' catalog can still be queried from its website and its digital services such as magazine subscriptions, audiobooks, and children's book portals remain online.

Norman added that the decision was made to rebuild systems instead of [13]paying the ransom , which is in line with the longstanding guidance from federal agencies such as [14]CISA , but as many will know it [15]isn't necessarily followed in every case .

Delaware Libraries is working with Microsoft and the Delaware Department of Technology and Information on its recovery efforts, which are still very much in the early stages.

It can often take weeks or even months to determine the root cause of a cybersecurity incident and to fully understand what data was compromised. ®

Get our [16]Tech Resources



[1] https://www.theregister.com/2024/08/30/ransomhub/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZvSIA2w1q7ksbMC_IZ970QAAAdg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZvSIA2w1q7ksbMC_IZ970QAAAdg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZvSIA2w1q7ksbMC_IZ970QAAAdg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZvSIA2w1q7ksbMC_IZ970QAAAdg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2024/09/04/planned_parenthood_cybersecurity_incident/

[7] https://www.theregister.com/2024/08/30/ransomhub/

[8] https://www.theregister.com/2024/08/19/ransomhub_edrkilling_malware/

[9] https://www.theregister.com/2024/05/20/the_british_library_owes_lauded/

[10] https://www.theregister.com/2024/08/30/ransomhub/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZvSIA2w1q7ksbMC_IZ970QAAAdg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[12] https://spotlightdelaware.org/2024/09/23/delaware-libraries-hack/

[13] https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/

[14] https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/

[15] https://www.theregister.com/2024/07/12/cdk_ransom_payout/

[16] https://whitepapers.theregister.com/



Clowns

Anonymous Coward

"mentioned the Delaware Library for the Blind and Physically Handicapped"

You are Clowns.

Anon, obviously.

Finally, the mother lode!

Cris E

Fecund Delaware, your awesome portals of knowledge have finally been breached! Not since the fall of the Library of Alexandria has the modern world been so rocked. Begin the collection of the ransom, pass the hat, recycle tin and rubber, let no resource be withheld. The violation of... What's that, no catalog? No patron data? Well what else is there? Screw that, rebuild the lot. Who even needs the old board of regents meeting minutes anyway.

Re: Finally, the mother lode!

Anonymous Coward

Collected it will be. Stopped, never.

Anon, obviously.

Anonymous Coward

Public libraries are a core facility of any town or city and the pillars of society, supporting the community through various means, yet they're notoriously underfunded, raising the question of why they'd be targeted.

They're targeted because they are underfunded. They are underfunded because they are not seen by society as a core facility.

... but as records of courts and justice are admissible, it can easily be
proved that powerful and malevolent magicians once existed and were a scourge
to mankind. The evidence (including confession) upon which certain women
were convicted of witchcraft and executed was without a flaw; it is still
unimpeachable. The judges' decisions based on it were sound in logic and
in law. Nothing in any existing court was ever more thoroughly proved than
the charges of witchcraft and sorcery for which so many suffered death. If
there were no witches, human testimony and human reason are alike destitute
of value.
-- Ambrose Bierce, "The Devil's Dictionary"