Library still plagued by ransomware

Erin Waller, Daviess County Library Director

The Cryptolocker ransomware that crippled the Daviess County Public Library in April is back and slowing various library services.

In actuality, it never left, said Erin Waller, library director, despite the efforts of the library's IT (information technology) staff.

Cryptolocker is a specific form of ransomware that focuses on a victim's data to extort payment with the threat of losing that data if the ransom isn't paid in full. Even then, there is no guarantee that the hackers behind the virus will actually come through with the key to free the data, she said.

"According to outside experts that we brought in to aid us this time around, once hackers get in, they hang around hoping to get another payoff," she said. "You think you have done everything to clean it out and start over, but they are hiding, waiting to pop up again when you are vulnerable to ask for more money. We are realizing that this malware is super-aggressive."

The library's current woes began on July 8 when Waller and her staff began to notice white screens popping up on customer self-service screens, she said.

"We were still gun-shy," she said. "At the time, we didn't know. We thought that it had something to do with the past attack or the work we are doing to strengthen our system. We just weren't sure. We shut things down really fast so it didn't keep growing. We didn't lose anything because we have great backups, then and now. We had some services that were down last week and we were finding strange files on staff computers, so we were taking each computer and running a scrubbing software."

On Monday, library staff felt that the situation was under control and that everything was back to form, until Wednesday, when it became apparent that April's virus was still alive and well, she said.

"This past Monday, we felt like everything was good," she said. "We were feeling confident and started turning things back on to get back to normalcy. Monday and Tuesday were good. Wednesday is when the white screens were back and we realized that it (the virus) is bigger than us and we needed to call in some experts."

One of the experts, Bill Uptmore, compared the virus to the classic arcade game Whac-A-Mole, Waller said.

"You knock it down and it pops back up elsewhere," she said. "This is a super aggressive malware and now that we know what is happening, we have a better idea of how to tackle these issues."

The library was initially attacked on April 28. Its files were encrypted and held for a ransom of six bitcoins, or $30,947, which the library did not pay. Ultimately, the library was forced to close its doors May 7 through May 9 to address issues and have employees re-inventory its more than 300,000 items.

While they are hoping to avoid closing like they did in early May to re-inventory and address data issues, certain services are suspended so that Waller's staff and outside aid can address the virus, she said.

"There are no internet services in the building right now," she said. "People can't access the catalog or their accounts from home, but we can here and we are only allowing people to check out 15 items at a time. We are working really hard to improve every day, but it will take some serious recovery. I want to stress that no data was lost or compromised and no one's data is out there. We will follow the recommendations of our outside experts in terms of the extent of the problem and solutions. We will be here for people as much as we can. If we close, it is because we have to. That decision will not be done lightly."

Jacob Mulliken, 270-228-2837, jmulliken@messenger-inquirer.com
