The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage. Rhysida is auctioning off the data it reportedly stole from the United Kingdom's national library systems. The ransomware group also leaked a low-resolution screenshot of what looks like ID scans stolen from the library's compromised system. On Wednesday, the FBI and CISA warned of Rhysida's opportunistic attacks targeting organizations across a broad range of industry sectors. "Threat actors leveraging Rhysida ransomware are known to impact 'targets of opportunity,' including victims in the education, healthcare, manufacturing, information technology, and government sectors," the two agencies said. "Observed as a ransomware-as-a-service model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates." A leak of HR documents stolen from the British Library was also confirmed today by the library's press office, which warned users to reset their passwords as a precautionary measure. The UK's national library has yet to find evidence that the attackers have gained access to other information during the incident. "We have now confirmed that this was a ransomware attack, by a group known for such criminal activity. We are aware that some data has been leaked, which appears to be from files relating to our internal HR information," it said. "We have no evidence that wider user data has been compromised. However, we are recommending as a precautionary measure that if users have a password for British Library services that they also use elsewhere, they should change it." The British Library first confirmed that a ransomware attack was behind this major outage last week. The attackers encrypted the library's systems on Saturday, October 28, and the resulting IT outage continues to impact the British Library's online systems, services, and certain onsite facilities, such as Wi-Fi, with the website still offline almost three weeks after the attack. The library estimates that it will restore many of its services within the next few weeks, but some disruptions might persist for an extended period. The library's website sees an annual influx of over 11 million visitors, while its collections are accessed daily by more than 16,000 individuals onsite and online. The British Library collection spans over 150 million items stored across 625 kilometers of shelves. Approximately 3 million new items are added to its archives yearly as the library receives copies of every publication released in the UK and Ireland. British Library: Ongoing outage caused by ransomware attack. FBI and CISA warn of opportunistic Rhysida ransomware attacks. Yamaha Motor confirms ransomware attack on Philippines subsidiary. Toyota confirms breach after Medusa ransomware threatens to leak data.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000