British Library: Finances remain healthy as ransomware recovery continues

Authors continue to lose out on owed payments as rebuild of digital services drags on


The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.

The institution said in a statement today that the final costs remain "unconfirmed" and no additional bids for funding to support the rebuild have yet been made.

Reports at the weekend suggested the ransomware recovery costs were expected to run up to £7 million ($8.9 million), roughly ten times the original ransom sum, and could put a big dent in its cash reserves.

The Financial Times first reported the now-disputed prediction of the library's recovery costs, a sum that would constitute around 40 percent of its rainy day funds.

Citing inaccuracies in wider reports, a British Library spokesperson told The Register: "The final costs of recovering from the recent cyber attack are still not confirmed. The British Library and its government sponsor, the Department for Culture, Media and Sport (DCMS), remain in close and regular contact. The Library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage."

The October attack at the hands of Rhysida was hugely disruptive, forcing various systems at British Library sites in London and Yorkshire offline. It has resulted in a slow recovery - right now there is no end or estimated completion date in sight. Many services are still unavailable to library users as its staff work on rebuilding them.

Among the most notable absences is the library's online catalog, one of its flagship resources, which has remained offline since the start of the incident but is expected to return on 15 January as a reference-only version, CEO Sir Roly Keating confirmed.

It's just one of the services that are making a phased return amid ongoing work to build stop-gap workarounds that restore a level of operation to key library services, said Keating.

"Other interim services will include increased on-site access to our manuscripts and special collections, and a bespoke inter-library loan capability designed to serve key sectors such as health, higher education, and law," he blogged.

"Each of these offerings will initially be somewhat different from our normal service, but together they will represent a crucial first stage on our road back to normality."

According to the British Library's dedicated page for its cybersecurity incident, it expects a full recovery to take "several months" and points out that similar attacks elsewhere in the industry have taken longer than 12 months to fully remediate.

The Public Lending Right (PLR) service has also been affected as fallout continues from the cyber attack-related disruption, meaning some authors are not receiving the payments they are owed for their works being borrowed.

Run by the British Library, the PLR service pays authors 13p ($0.17) every time their work is borrowed, a sum that's capped at £6,600 ($8,386) annually.

The indefinite delays to payments are affecting only Irish recipients, with the Library unable to make December's payments or any in the near future, it confirmed last week.

"Once PLR services are restored, we'll send out statements and where payments are due, these will be made as soon as we can," the British Library said. "We know this may be worrying news and we're sorry if you have been affected by this delay.

"While we anticipate restoring many of our services in the next few weeks, some disruption may persist for several months. At this point, we're unable to say how long PLR services will be disrupted or whether UK PLR payments will be affected too."

The service disruption also means authors are currently unable to register for PLR payments, but the library expects to have a working registration system by June 30, the cutoff for registering for next year's payments.

Individuals are experiencing issues with logging into their PLR accounts and have been told some of their personal data, including names, email addresses, and postal addresses may have been copied from internal management databases.

According to The Authors' Licensing & Collecting Society (ALCS), the average earnings of a self-employed writer in the UK amounts to £7,000 ($8,900) a year, meaning the money earned via the PLR scheme could prove to be an impactful loss for some affected.

"We are making good progress towards issuing UK PLR payments before the end of March, in accordance with government legislation," a British Library spokesperson said today. 

"We recognise the importance of these payments for authors, illustrators, translators, narrators, and all others who have contributed to books and are planning to issue a further update, with a finalized timeline, by the end of this month."

Months of disruption

The attack on the British Library started at the end of October after widespread issues impacted its St Pancras site in central London.

The website was downed, as were the on-site facilities including Wi-Fi, payments, reading rooms, staff email access, and order collection. Sir Keating recently described the incident as an "attack on knowledge."

A source told us at the time that its VMware ESXi servers were experiencing major issues as of October 28. The attack was later claimed by the Rhysida group – believed to be based in Russia.

It published 573 GB worth of stolen files belonging to the library, roughly 90 percent of the entire trove it stole. The group claimed the rest of the files had been sold in a private auction.

Before leaking the files, Rhysida originally advertised the sale of its entire haul with bids starting at 20 Bitcoin ($884,372 at today's exchange rate, around $760,000 at the time).

The British Library has said it is continuing to analyze the leaked files, a process which could take months, and will update individuals if investigators make any additional findings.

There is currently no evidence to suggest identity documents or financial information has been leaked, but disclosure notices sent by the library to its customers in November suggested that "at a minimum" most had their names and email addresses stolen.

The Metropolitan Police and National Cybersecurity Centre (NCSC) said they would continue to support the library through its recovery and post-mortem of the incident.
