The British Library, which houses about 14 million books plus manuscripts and items dating back to 2000 BC, was forced offline in October after refusing to pay a £600,000 ransomware demand.
According to The Financial Times, the digital destruction caused by the “deep and extensive” ransomware attack means that the world-renowned library will now be forced to pay ten times that sum to rebuild its online services at a cost of £6 million to £7 million, taking it offline for up to a year. The British Library breach is further evidence of the devastating speed of the latest generation of ransomware attacks.
Cybersecurity firm Sophos’s State of Ransomware 2023 report says that threat actors now succeed in encrypting data in 76 percent of ransomware attacks, up from 65 percent in 2022. According to Sophos, there has also been a 62 percent year-on-year rise in intentional remote encryption attacks since 2022
According to the report: “Encryption levels are at their highest point in the last four years. This likely reflects the ever-increasing skill level of adversaries who continue to innovate and refine their approaches.”
This effectively narrows the window available to ransomware victims to halt the attack and minimize the damage. The US Federal Bureau of Investigation (FBI) now strongly advises against paying the ransom for legal and ethical reasons.
Attacks are becoming faster and more ruthless
Sophos adds that this accelerated speed of attack is being combined with an increasingly ruthless approach when it comes to extracting ransom payments. In 30 percent of ransomware attacks where data was encrypted, data was also stolen. What the report calls a “double dip” approach, where ransomware gangs frequently start to sell the stolen data to the highest bidder, became increasingly common in late 2023. It enables the criminals to begin to monetize the stolen data while exerting added pressure on the victim organization to meet their ransom demand
This is precisely the technique used in the British Library ransomware attack. Hacking group Rhysida, which has claimed responsibility for the breach, published 573 gigabytes of the library’s data while auctioning off 10 percent of the files through its Dark Web page. The group is understood to have links with the Russian-affiliated gang Vice Society.
Organizations across all sectors should now, therefore, take immediate action to plug any gaps in their security. According to the Sophos report, emails were the root cause of 30 percent of ransomware attacks, with 18 percent starting via a malicious email and 13 percent via a phishing attack. Even organizations outside previously highly-targeted sectors such as financial services must now make sure that all staff treat incoming emails, particularly those from an unknown source, with increased caution.
