A crypto-ransomware attack has disrupted some services at all library locations across Onondaga County in New York State. On 16 July, the Onondaga County Public Library system published a tweet in which it explained that many of its public services were unavailable. https://twitter.com/OCPL_CNY/status/1151123985616244736?ref_src=twsrc%5Etfw WSYR-TV reported that these unavailable services consisted of Wi-Fi connectivity, access to public computers and phone service availability at central and city branch locations. For all sites (including central and city branch locations), the scope of disruption was even greater. The library system's catalog and databases were down at all of those branches as was access to eBook distributor OverDrive, digital library media streaming platform Hoopla and free downloadable music service Freegal. “We have our member [suburban] libraries and those are still up and operational and we are referring people to go there if they need internet access in the meantime,” explained former library chair Ginny Biesiada. As of this writing, it's unclear when the ransomware attack occurred, when the library system will be able to restore the availability of all its services and what the cost of this recovery will be to taxpayers. That said, WSYR-TV did confirm that the offending ransomware strain was a Ryuk sample. Ryuk has been very active over the first half of 2019. Back in June, for instance, this family of crypto-malware joined trojans Emotet and Trickbot in infecting the computer systems of Lake City in Florida. The municipality subsequently decided to pay $460,000 in Bitcoin to those responsible for the attack. Together with Sodinokibi, Ryuk also helped drive a 184 percent increase in the average ransom amount demanded by ransomware attackers between Q1 2019 ($12,762) and Q2 2019 ($36,295), as observed by Coveware. News of this attack comes just a week after the Syracuse City School District, also in Onondaga County, suffered an infection at the hands of Ryuk. All evidence suggests that these attacks weren't connected in any way aside from the offending ransomware strain.
Image