The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across the city. The library system has 1,200,000 registered members and operates on a budget that surpasses $200M. Earlier this week, TPL warned that a cyberattack is causing technical outages on its websites and some online services. The library warned that public computers and printing services are also unavailable. The Toronto Public Library says that there is no evidence that the personal information of staff or customers has been compromised and that they are actively investigating the incident with law enforcement and third-party cybersecurity experts. Black Basta ransomware behind attack on TPL. BleepingComputer has since learned that the Black Basta ransomware operation is behind the attack on the Toronto Public Library. A photo of the ransom note shared with BleepingComputer allowed us to confirm that the ransomware operation was behind the attack. According to a TPL employee, the attack occurred overnight on October 27th, impacting numerous services Saturday morning. BleepingComputer was told that the attack did not impact phones and had limited impact on email, with those logged into their Office 365 accounts still able to access them. While it is unknown now if the ransomware gang stole data during the attack, data theft is a significant component of their extortion strategy. The Black Basta ransomware gang launched its ransomware operation in April 2022 and quickly began targeting corporate victims in double-extortion attacks. By June 2022, Black Basta had partnered with the QBot malware operation to drop Cobalt Strike beacons on infected devices for initial access to corporate networks. Like almost all ransomware operations, Black Basta utilizes a Linux encryptor to target VMware ESXi virtual machines running on Linux servers. In June 2022, the Conti ransomware operation shut down after suffering a series of embarrassing data breaches. Other researchers believe there is a link between Black Basta and the Fin7 cybercrime operation, a financially motivated cybercrime gang also known as Carbanak. Recently, the ransomware operation attacked ABB, a Swiss tech multinational and U.S. government contractor, and leaked the company's stolen data. Toronto Public Library services down following weekend cyberattack. Meet LostTrust ransomware - A likely rebrand of the MetaEncryptor gang. Chilean telecom giant GTD hit by the Rorschach ransomware gang. Ransomware isn't going away - the problem is only getting worse.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000