Seattle's 27 public libraries knocked out in ransomware attack


The entire Seattle Public Library system is still reeling after a Memorial Day weekend ransomware attack disrupted access to technology services across the city’s 27 individual branches.

The latest update on Wednesday revealed that the library system will “remain offline” until the investigation and recovery are complete and that there is no estimated timeline for restoration.

“We are an organization that prides itself on providing you answers, and we are sorry that the information we can share is limited,” the Library stated.

Library officials say access to its online catalog and loaning system, e-books, e-audiobooks, public computers, Wi-Fi, and printing are just some of the network services impacted by the early morning May 25th attack.

The library's website – where updates on the attack are being posted for residents – was also knocked offline but has since been restored with the help of outside security experts.

According to a post about the attack on X, the Library, with the help of third-party forensics, disconnected the systems to try and isolate the damage and “better assess the nature and impacts of the event.”

Seattle is a major US city located on the northwest edge of Washington state, with a population of more than 750,000.

Ironically, just one day earlier, the library had announced a planned weekend outage due to system maintenance from Saturday through Monday nights.

The online updates would have affected Library accounts, pick-up lockers, and online catalogs, but now IT staff is being tasked with restoring “full functionality” to all library systems.

Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, noted that immediately following the attack, the Library was forced to take “all systems offline and revert back to manual lending for books and CDs.”

“As these institutions continue to be targets for threat actors, it is imperative that they prioritize a proactive cybersecurity approach, assessing any vulnerabilities in their systems,” said Costis.

Education sector consistently targeted by ransom gangs

Costis is referring to a new government program proposed last fall by the US Cybersecurity and Infrastructure Security Agency (CISA) aimed at helping schools and library systems across the nation beef up security measures in response to the recent wave of attacks.

“The scale of cyberattacks on libraries and schools prompted the FCC to propose a ‘Schools and Libraries Cybersecurity Pilot Program’ in November that would allow officials to collect data to help defend these institutions,” Costis said.

The program’s main goal is to ensure digital equity in connectivity across schools and libraries so everyone, everywhere has access to high-speed Internet services, the Federal Communications Commission (FCC) release states.

FCC Chairwoman Jessica Rosenworcel claims that “cyberattacks can undermine the connectivity that schools and libraries count on day-in and day-out” and have resulted in “everything from network malfunctions to student privacy vulnerabilities to unexpected expenses to get their systems back online.”

The agency is expected to vote on adopting the three-year, $200 million pilot program sometime next month.

“This proposal highlights the need for increased cybersecurity measures for these institutions, which has been reaffirmed by the most recent attack on the Seattle Public Library,” Costis said.

Seattle Public Library ransom update. Image by Seattle Public Library | Cybernews.

Meanwhile, according to a Comparitech research report from September, there were roughly double the number of attacks on educational institutions in the first half of 2023, compared to all of 2022.

Furthermore, between 2018 and mid-2023, ransomware attacks impacted the records of 6.7 million students across the globe while costing local economies over $53 billion in downtime.

A variety of ransomware groups became known for their attacks on schools, most recently LockBit, Royal (BlackSuit), Medusa, and Rhysida in 2023, and Vice Society reigning in 2022.

Before that, Comparitech lists Ryuk and Pysa as the most prolific.

As for the Seattle Public Library, it’s not clear at this time if any sensitive data was stolen in the attack, but library officials say that the “privacy and security of patron and employee information are top priorities.”

Officials also said that all 27 branch buildings are still open for public use, but patrons should bring their library card, as staff will use paper forms to check out physical books, CDs and DVDs, and provide other limited services.

As of this report, no ransomware group has claimed responsibility for the attack.