British Library: Finances remain healthy as ransomware recovery continues

Authors continue to lose out on owed payments as rebuild of digital services drags on


The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.

The institution said in a statement today that the final costs remain "unconfirmed" and no additional bids for funding to support the rebuild have yet been made.

Reports at the weekend suggested the ransomware recovery costs were expected to run up to £7 million ($8.9 million), roughly ten times the original ransom sum, and could put a big dent in its cash reserves.

The Financial Times first reported the now-disputed prediction of the library's recovery costs, a sum that would constitute around 40 percent of its rainy day funds.

Citing inaccuracies in wider reports, a British Library spokesperson told The Register: "The final costs of recovering from the recent cyber attack are still not confirmed. The British Library and its government sponsor, the Department for Culture, Media and Sport (DCMS), remain in close and regular contact. The Library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage."

The October attack at the hands of Rhysida was hugely disruptive, forcing various systems at British Library sites in London and Yorkshire offline. Recovery has been slow, and there is currently no end or estimated completion date in sight. Many services are still unavailable to library users as its staff work on rebuilding them.

Among the most notable absences is the library's online catalog, one of its flagship resources, which has remained offline since the start of the incident but is expected to return on 15 January as a reference-only version, CEO Sir Roly Keating confirmed.

It's just one of the services that are making a phased return amid ongoing work to build stop-gap workarounds that restore a level of operation to key library services, said Keating.

"Other interim services will include increased on-site access to our manuscripts and special collections, and a bespoke inter-library loan capability designed to serve key sectors such as health, higher education, and law," he blogged.

"Each of these offerings will initially be somewhat different from our normal service, but together they will represent a crucial first stage on our road back to normality."

According to the British Library's dedicated page for its cybersecurity incident, it expects a full recovery to take "several months" and points out that similar attacks elsewhere in the industry have taken longer than 12 months to fully remediate.

The Public Lending Right (PLR) service has also been affected as fallout continues from the cyber attack-related disruption, meaning some authors are not receiving the payments they are owed for their works being borrowed.

Run by the British Library, the PLR service pays authors 13p ($0.17) every time their work is borrowed, a sum that's capped at £6,600 ($8,386) annually.

The indefinite delays to payments are affecting only Irish recipients, with the Library unable to make December's payments or any in the near future, it confirmed last week.

"Once PLR services are restored, we'll send out statements and where payments are due, these will be made as soon as we can," the British Library said. "We know this may be worrying news and we're sorry if you have been affected by this delay.

"While we anticipate restoring many of our services in the next few weeks, some disruption may persist for several months. At this point, we're unable to say how long PLR services will be disrupted or whether UK PLR payments will be affected too."

The service disruption also means authors are currently unable to register for PLR payments, but the library expects to have a working registration system by June 30, the cutoff for registering for next year's payments.

Individuals are experiencing issues with logging into their PLR accounts and have been told some of their personal data, including names, email addresses, and postal addresses, may have been copied from internal management databases.

According to The Authors' Licensing & Collecting Society (ALCS), the average earnings of a self-employed writer in the UK amount to £7,000 ($8,900) a year, meaning the money earned via the PLR scheme could prove to be an impactful loss for some of those affected.

"We are making good progress towards issuing UK PLR payments before the end of March, in accordance with government legislation," a British Library spokesperson said today. 

"We recognise the importance of these payments for authors, illustrators, translators, narrators, and all others who have contributed to books and are planning to issue a further update, with a finalized timeline, by the end of this month."

Months of disruption

The attack on the British Library started at the end of October after widespread issues impacted its St Pancras site in central London.

The website was downed, as were the on-site facilities including Wi-Fi, payments, reading rooms, staff email access, and order collection. Sir Keating recently described the incident as an "attack on knowledge."

A source told us at the time that its VMware ESXi servers were experiencing major issues as of October 28. The attack was later claimed by the Rhysida group – believed to be based in Russia.

It published 573 GB worth of stolen files belonging to the library, roughly 90 percent of the entire trove it stole. The group claimed the rest of the files had been sold in a private auction.

Before leaking the files, Rhysida originally advertised the sale of its entire haul with bids starting at 20 Bitcoin ($884,372 at today's exchange rate, around $760,000 at the time).

The British Library has said it is continuing to analyze the leaked files, a process which could take months, and will update individuals if investigators make any additional findings.

There is currently no evidence to suggest identity documents or financial information has been leaked, but disclosure notices sent by the library to its customers in November suggested that "at a minimum" most had their names and email addresses stolen.

The Metropolitan Police and National Cybersecurity Centre (NCSC) said they would continue to support the library through its recovery and post-mortem of the incident. ®
