The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.
Reports at the weekend suggested the ransomware recovery costs were expected to run up to £7 million, roughly ten times the original ransom sum, and could put a big dent in its cash reserves.
The Financial Times first reported the now-disputed prediction of the library's recovery costs, a sum that would constitute around 40 percent of its rainy day funds.
The October attack at the hands of Rhysida was hugely disruptive, forcing various systems at British Library sites in London and Yorkshire offline.
Many services are still unavailable to library users as its staff work on rebuilding them.
Among the most notable absences is the library's online catalog, one of its flagship resources, which has remained offline since the start of the incident but is expected to return on 15 January as a reference-only version, CEO Sir Roly Keating confirmed.
It's just one of the services that are making a phased return amid ongoing work to build stop-gap workarounds that restore a level of operation to key library services, said Keating.
The Public Lending Right service has also been affected as fallout continues from the cyber attack-related disruption, meaning some authors are not receiving the payments they are owed for their works being borrowed.
Run by the British Library, the PLR service pays authors 13p every time their work is borrowed, a sum that's capped at £6,600 annually.
The indefinite delays to payments are affecting only Irish recipients, with the Library unable to make December's payments or any in the near future, it confirmed last week.
The service disruption also means authors are currently unable to register for PLR payments at present, but the library expects to have a working registration system by June 30, the cutoff for registering for next year's payments.
Individuals are experiencing issues with logging into their PLR accounts and have been told some of their personal data, including names, email addresses, and postal addresses may have been copied from internal management databases.
According to The Authors' Licensing & Collecting Society, the average earnings of a self-employed writer in the UK amounts to £7,000 a year, meaning the money earned via the PLR scheme could prove to be an impactful loss for some affected.
The attack on the British Library started at the end of October after widespread issues impacted its St Pancras site in central London.
The website was downed, as were the on-site facilities including Wi-Fi, payments, reading rooms, staff email access, and order collection.
A source told us at the time that its VMware ESXi servers were experiencing major issues as of October 28.
The attack was later claimed by the Rhysida group - believed to be based in Russia.
It published 573 GB worth of stolen files belonging to the library, roughly 90 percent of the entire trove it stole.
The British Library has said it is continuing to analyze the leaked files, a process which could take months, and will update individuals if investigators make any additional findings.
The Metropolitan Police and National Cybersecurity Centre said they would continue to support the library through its recovery and post-mortem of the incident.
This Cyber News was published on go.theregister.com. Publication date: Mon, 08 Jan 2024 13:43:04 +0000