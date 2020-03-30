It has been about a year since the Daviess County Public Library was hit with ransomware.
While the experience was not a “blessing in disguise,” for library officials and staff, the library is stronger, Library Director Erin Waller.
“The library is certainly better off than it was,” she said. “Sometimes you have to have something happen that is traumatic to be a learning experience. It has forced the staff into a situation where they are definitely more careful about everything that they do.
“One positive that has come out of it all is that we have implemented on-going security training that is mandatory for staff. It is another educational component to help everyone be more aware of everything that they need to. We have more knowledge about our systems and vulnerability and our staff has more knowledge about theirs. Knowledge is always a good thing.”
The library discovered that they had been the victim of a ransomware attack on April 28, 2019. Specifically, the library was targeted by a form of ransomware called Cryptolocker, which focuses on a victim’s data to extort payment with the threat of losing that data if the ransom isn’t paid in full. The ransom to restore files was $30,947, which library officials refused to pay — a decision that Waller stands by, she said.
“I don’t personally believe in paying a ransom, I would have never considered it as an option,” she said. “I understand there are people in situations where they feel they have to. To me, paying feeds this thing and makes it grow. I have a moral objection to it. As opposed to throwing that money away with no guarantee that we would have regained control of our systems, that money has worked to make us better in the long run.”
So far, the library has spent roughly $30,000 on shoring up its systems, said Brian Lashbrook, library IT manager.
“The first thing we did was hire Insight our of Dayton, Ohio,” he said. “They did a vulnerability assessment on our network and then they made recommendations on what kind of software we should buy and what remediation we needed to do.”
The plan so far was three-pronged, focusing on building a “human firewall,” remote management and software upgrades, he said.
“We subscribed to KNOWBE4,” he said. “It is an ongoing training for staff that aids us in developing our human firewall. It is continuous. They will get a new course on cybersecurity each month. We also purchased and integrated firewall and virus scan software that is more comprehensive than what we had in the past. It covers malware, spam, protects email and scans computers for potential problems.
“Another aspect is our work with our remote management service Ninja. This software allows us to manage software patches and computer issues. This system constantly keeps itself up to date.”
While issues like ransomware are a constant threat in a technological age, Lashbrook feels confident where the library is now, he said.
“For now, moving forward it will be building, improving our staff’s awareness and constantly evolving and building on to what we have,” he said. “There is a lot to do, but we definitely feel more at ease with where we are at and where we are headed.”
