Hit By Ransomware, Butler County Libraries Go Back To Paper-Only Loans

Jul 19, 2019

Butler County librarians are lending books the old-fashioned way—by tracking loans and due dates on paper—after a ransomware attack froze them out of their computers on Wednesday.

"(Librarians) are doing the best they can to get people the services that they can give them during this time," says Cheryl Ferraro, system administrator for the Butler County Federated Library.

The system oversees 10 automonous libraries across the county, distributing many thousands of books, electronic media and more. Library officials say they've confirmed the ransomware used in the attack, Ryuk, is the same virus used to attack the Onondaga County, N.Y. library system last week.

For now, many library services are unavailable, including the use of public computers, renewal of checked-out items, library catalog access, collection of fines and the ability to hold books for checkout. Programming at all branches continues, and patrons can still check out items in person with their library card.

“Our libraries are at the height of their popular summer reading programs," system board member Tom Cully said in the statement. "Come in to attend any of the many programs offered, read, study, or just beat the heat on these hot summer days. There’s a lot our libraries offer, even with limited technology access.”

Wi-Fi is available only at the Cranberry Public Library, which shares space and IT services with the township. Overdrive ebook and downloadable audio titles are also still online for all Butler County card holders.

David J. Hickton, former U.S. Attorney and founding director of the University of Pittsburgh's Institute for Cyber Law, Policy and Security, says the only real defense for vulnerable facilities like libraries, municipal governments and others is training and prevention. 

"If you're aware, there's a lot of advance warning of this stuff and you can patch your systems to prevent it," Hickton says, imploring IT professionals at organizations big and small to do their homework. Awareness "is not a luxury anymore. It's not an option."

According to the National Cyber Security Center, which tracks attacks across the U.S., Ryuk is a targeted ransomware that demands a fee based on the victim’s perceived ability to pay. The center issued an advisory against Ryuk in June, 10 months after it was first observed globally.

Ferraro says the attack was detected by IT officials only when servers faltered. No specific ransom was issued, she says, and officials haven't heard from the attackers directly.

She says it's taken years for library systems like Butler County's to fully transition to a digital catalog, so going back to paper loans this week has been a challenge.

"I don't even know how to describe it," she says. "Even the spreadsheets are set up on paper and pencil."

Ryuk has been blamed for several attacks worldwide, and according to NCSC, "is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out reconnaissance inside an infected network, identifying and targeting critical network systems and therefore maximising the impact of the attack. But it may also offer the potential to mitigate against a ransomware attack before it occurs, if the initial infection is detected and remedied."

Once an organization is hit, Hickton says, there's little recourse. He says most victims would be better off abandoning their hardware and building anew. 

"You have to have your system backed up," he says. "It's certainly not a good policy to pay the person who's extorting you, because they can extort you again if you're not protected. ... It's a tough situation."

Library officials have been in touch with the FBI, their insurance companies and Butler County officials. There's no timeline for when library services could be back to normal operations.