British Library Catalogue Back Online After Ransomware Attack

Written by

The British Library has begun restoring its online services as it continues to recover from last year’s ransomware attack.

Sir Roly Keating, Chief Executive at the institution, confirmed in a blog post that the main British Library catalogue will return online on Monday, January 15. This includes details of its printed books, journals, maps, music scores and rare books.

 “[The British Library’s] absence from the internet has been perhaps the single most visible impact of the criminal cyber-attack which took place at the end of October last year, and I want to acknowledge how difficult this has been for all our users,” Keating noted.

British Library Resumes Services with Adjustments

The catalogue will be in a ‘read only’ format, meaning that the process for checking availability and ordering them to use in the Reading Rooms will be different.

Additionally, for the first time since the incident, readers will be able to access the majority of the Library’s key special collections only available at the site.

In a separate update, the British Library also assured authors and other recipients of UK Public Lending Right (PLR) that it has put in place workarounds to ensure they receive their payments before the end of March 2024.

Keating apologized for the disruption caused to researchers who rely on accessing the Library’s collection for their studies and livelihoods.

This milestone represents an important stage in the Library’s recovery following the ransomware attack on October 28, 2023.

The incident, thought to have been perpetrated by the Rhysida gang, impacted phone lines and on-site services at its main building in London and a separate facility in Yorkshire, as well as access to digital collections, its website and digital catalogue.

Additionally the attackers were able to access employee and user data.

In an update in November 2023, the Library warned that a full recovery from the attack could take months.

British Library in Ransomware Recovery Process

Keating said that the restoration of the British Library catalogue is just one step in the recovery process, and warned that the broader program of a full technical rebuild and recovery will “take time.”

He wrote that the institution has not been able to confirm what the full recovery costs will be yet, following reports by the Financial Times that it could be as high as nearly $9m.

The Library continues to work closely with the UK government to ensure recovery “takes place on a secure and financially sustainable basis,” said Keating.

Keating added that the Library is determined to learn lessons from the attack and build in more resiliency into its systems during the rebuild. This includes accelerating plans to invest in its core technology infrastructure that were announced in May 2023.

“That work will now be accelerated, to ensure that what emerges from this unwanted attack is a strengthened British Library that is as ready as it can possibly be to confront whatever future threats emerge from the constantly evolving world of cybercrime,” stated Keating.

The Library will also start sharing its experiences with partners and peer institutions in the coming months.

Commenting, Jake Moore, Global Cybersecurity Advisor, ESET, said it was important that other organizations update their cyber resiliency measures to ensure they do not go through lengthy and costly recoveries in the event of a successful ransomware attack.

“The group Rhysida, known for their persistent approach, has been particularly notable for their use of double extortion tactics. This involves not only infecting organizations with malware but also simultaneously stealing their data, highlighting the urgent need for enhanced security measures – but not just in the traditional form of backups,” he said.

“Businesses must learn from this upheaval but if the British Library are to come back differently, onlooking organizations must also take note and act differently now too,” he outlined.

Read more: Top 10 Cyber-Attacks 2023

Image credit: Cowardlion / Shutterstock.com

What’s hot on Infosecurity Magazine?