Information technology staff at the Daviess County Public Library hope to have library patron operations up and running within the next two weeks, according to IT Manager Brian Lashbrook.
"My hope is that self-checks, patron catalogs, really all of it, will be up in roughly two weeks," he said. "The reason that it takes so long is that our vendors are on a project schedule, but they are traditionally good about bumping us up."
Lashbrook, IT Assistant Wesley Johnson and Information Services Manager Alicia Harrington have been working nearly non-stop with the aid of outside consultants and their various technology vendors to address the persistent issues resulting from the April 28 ransomware attack, said Library Director Erin Waller.
IT staff have been working with Innovative Interfaces, which provides the library's check-in and cataloging service Polaris, as well as Bowling Green-based consultant Innovative Solutions Through Technology, to address current issues and better prepare for the future, Lashbrook said.
"We are rebuilding everything from scratch," he said. "It is better safe than sorry at this point. We are taking every step possible to ensure that the ransomware is gone and that we can get back to running normally. We have to request server upgrades from Innovative Interfaces and they are working with us to move our data as we upgrade to Windows 2019. We have also set up at this point that all staff machines are unplugged from the servers and running off of a secured Wi-Fi connection as we address staff server issues.
"We have also set up a separate local area network to block any kind of traffic with anything that could be infected as we rebuild servers. We are upgrading to all of the current Windows systems and are going to begin setting all the staff computers to backup to OneDrive, so if something goes wrong we can grab it, wipe it, reload it and all of the data will come back."
While library officials are looking toward extra precautions, by virtue of the library's function in the community, patron restrictions will not be stringent, Waller said.
"Any of the extra precautions we have put in place are going to most likely add restrictions on staff itself," she said. "We don’t want to be locked down like a hospital or a bank. Our staff needs to be able to access what they need in terms of catalog and patron information. We will do what we can, but we have to be cognizant of our jobs and provide customer service and access. We will definitely be boosting training initiatives for staff, just to remind them of what to look for."
Common ways that ransomware can enter an individual computer or an entire system are phishing emails that contain malicious attachments and drive-by downloading, which occurs when a user unknowingly visits an infected website and malware is downloaded and installed without the user’s knowledge. Lashbrook theorizes that neither of those was the culprit.
"Most likely it came through a staff computer," he said. "The public computers are set to wipe everything out between sessions through a software we use called Deep Freeze. From what I have learned it seems like it most likely got in through the firewall somehow. A lot of them currently use a remote desktop and will set a bot and brute force the password until they get in. I was able to look at the way that it operated a little bit and it basically runs and tries to break the security on built-in Windows accounts and once it does that, it can reach out to any computer on the network using that password and account. I feel like we were targeted, that is my theory."
As for the library IT department's current course of action, they aren't taking any chances moving forward, Lashbrook said.
"We have talked to a few different experts and the path that we are taking is the right way," he said. "If you don’t have an idea of where it is hiding, you have to wipe the hard drive and start over. It is a long process, but we are focusing on critical services first, access to patron accounts, account services, and then we will focus on getting staff computers up and reloaded with backed up data. We aren't taking any chances this time."
The library was initially attacked on April 28. Their files were encrypted and held ransom by a form of ransomware called Cryptolocker for six bitcoins, or $30,947, which the library did not pay. Ultimately, the library was forced to close its doors May 7-9 to address issues and have employees re-inventory its more than 300,000 items. The issue has been at the forefront of the IT department's duties this summer and has, in some ways, hurt the morale of both staff and patrons, Waller said.
"Brian, Wesley and Alisha have put in countless hours and have gone above and beyond the call of duty," she said. "Our staff have been great in creating and implementing creative solutions to ensure that our patrons' experience is as seamless as possible and our patrons have also been patient with us and supportive of our efforts. I can assure everyone that the security of our patrons is our top priority and that no patron information was compromised."
Jacob Mulliken, 270-228-2837, jmulliken@messenger-inquirer.com