Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Cyber criminals demand £600,000 ransom for stolen British Library data

The Rhysida group has demanded 20 Bitcoin (roughly £602,500) for the return of the stolen data

Nicole Vassell
Tuesday 21 November 2023 06:06 EST
Comments
Experts warn ChatGPT could be used to ‘help launch cyber-attacks’: 'It can be tricked into producing malicious code'

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A group of hackers has claimed responsibility for a cyber attack that has crippled the British Library for the past few weeks.

Ransomeware gang, the Rhysida group has demanded 20 Bitcoin (roughly £602,500) for the return of the stolen data, which includes employee passport scans and financial information.

Sharing censored images of data they’ve acquired in the hack on the dark web, including passport photos and HMRC records, the group have decided to auction off the data to the highest bidder.

The hackers have prevented the British Library from accessing its IT system by encrypting files and was demanding money in return for a unique decryption key.

According to The Telegraph, the hacking group’s online listing for the library data reads: “With just seven days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data.”

The British Library is home to more than 170 million items. Among major artefacts at the library are the Magna Carta – the first written constitution in European history – and handwritten lyrics by The Beatles.

Last month, the British Library confirmed that a “major technology outage” had impacted their operations.

(Alamy Stock Photo)

The attack has brought down the library’s website, online systems and book ordering. As a result, some onsite payments are cash-only, and the public Wi-Fi has been disabled.

On Monday (20 November), the library issued an update on X/Twitter. A message on the organisation’s official account reads: “We’re continuing to experience a major technology outage as a result of a cyber-attack, affecting our website, online systems and services, and some onsite services too. We anticipate restoring many services in the next few weeks, but some disruption may persist for longer.”

After acknowledging that some data from their internal HR files had been leaked, the statement advised anyone with a British Library login who uses the same password elsewhere to change their details as a precautionary measure.

However, the library stated it has “no evidence that data of our users has been compromised”.

“In the meantime, we’ve taken targeted protective measures to ensure the integrity of our systems, and we’re continuing to investigate the attack with the support of NCSC, the Metropolitan Police and cybersecurity specialists,” the statement continued. “Thank you for bearing with us during this investigation. We’ll update you as soon as we can.”

The Independent has contacted the British Library for comment.

Sir Roly Keating, chief executive of the British Library, said: “We are immensely grateful to our many users and partners who have shown such patience and support as we work to analyse the impact of this criminal attack and identify what we need to do to restore our online systems in a safe and sustainable manner.”

Ransomware breaches like these are typically motivated by financial gain, with hackers demanding money after using malware to infiltrate computer systems without consent or authorisation.

Rhysida has been linked to another hacking group called the Vice Society. According to Check Point Research, it is “one of the most active and aggressive ransomware groups”.

Other Rhysida victims include the University of the West of Scotland, the Chilean army, the city of Gondomar in Portugal and an operator of 16 US hospitals.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in