Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Security Software The Almighty Buck United States Hardware Technology

Ransomware Infects All St Louis Public Library Computers (theguardian.com) 163

An anonymous reader quotes a report from The Guardian: Libraries in St Louis have been bought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims. Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines. As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks. On Friday, St Louis public library announced it had managed to regain control of its servers, with tech staff continuing to work to restore borrowing services. The 16 libraries have all remained open, but computers continue to be off limits to the public. Spokeswoman Jen Hatton told CNN that the attack had hit the city's schoolchildren and its poor worst, as many do not have access to the internet at home. "For many [...] we're their only access to the internet," she said. "Some of them have a smartphone, but they don't have a data plan. They come in and use the wifi." As well as causing the loans system to seize up, preventing borrowers from checking out or returning books, the attack froze all computers, leaving no one able to access the four million items that should be available through the service. The system is believed to have been infected through a centralized computer server, and staff emails have also been frozen by the virus. The FBI has been called in to investigate.
This discussion has been archived. No new comments can be posted.

Ransomware Infects All St Louis Public Library Computers

Comments Filter:
  • by grasshoppa ( 657393 ) <skennedy@tpno-c[ ]rg ['o.o' in gap]> on Monday January 23, 2017 @07:30PM (#53724753) Homepage

    ...sounds like they have valid backups, so this should be considered a "success" story more than anything else.

    Still, I do wonder if the admins were practicing valid security, how anything could have infected the entire system.

    • by Rick Schumann ( 4662797 ) on Monday January 23, 2017 @07:36PM (#53724811) Journal
      Being a public library, it's not like they have to have backups for every single computer either. Most if not all of their workstations, including especially the ones intended for public access, would just be paved over with a standard image, and pretty much also for employee workstations. Only their server(s) would really be affected, right? So long as they have backup(s) they'd be fine.
  • by Anonymous Coward

    As a St. Louisan, I'm glad they're not paying. It sounds like there are some serious issues while they restore their systems, but it sounds like they do have backups. It will take awhile to clean up the mess, but I applaud them for not giving in to the criminals responsible for this. Although many articles aren't clear about this, the library did have backups to restore from, so despite the security breach, someone knew what they were doing well enough to avoid paying the ransom demands. Good for St. Louis

  • by Ed Tice ( 3732157 ) on Monday January 23, 2017 @07:39PM (#53724829)
    If they are just machines for public web browsing, there i3s no data to ransom. Just reinitialize them. Firefox works great on Linux BTW and you have a much smaller attack surface.
    • by techno-vampire ( 666512 ) on Monday January 23, 2017 @08:09PM (#53725023) Homepage
      I'll go one further: have it run off of a Live USB that's mounted inside the box where the users can't get at it and no persistent storage. That way, even they leave personal data behind, it goes away at reboot. Not only that, but if you set it up in kiosk mode, with Firefox opening at boot, they'll never even know they're using Linux.
      • I've done something like this. I ended up using a CD-R removing the hard drives. The advantage of a CD-R is that it can't be modified easily which removed 99% of the possible ways to mess with the system. (I wouldn't be as confident a USB drive couldn't be modified.) It also makes it easy to test upgrades and deploy them rapidly.

        I know it would be possible to do network booting [slashdot.org] but I've tried it and it was slower and took more effort. For my purposes, I found slax [slax.org] easy to set up, modify and use. I tried out

        • The advantage of a CD-R is that it can't be modified easily which removed 99% of the possible ways to mess with the system.

          That's both an advantage AND a disadvantage. The last thing I want to have to do is have to touch hundreds of machines when there is a systems change. These days, information databases like Follett are accessible through an online portal, and I've had to update the access urls a couple of times now. Making the CD-R tamper proof, which you would need to do, would make it even more of a PITA to deal with.

          PXE boot works fine too, but then you're back to maintaining the state of the image. On top of that, they

  • I'm Angry (Score:5, Interesting)

    by DaMattster ( 977781 ) on Monday January 23, 2017 @07:43PM (#53724847)
    It takes a special kind of asshole to attack a library; a place where people go to learn and access the internet. Why go after one of the poorest resources and attack those that have the least to give? Go after the fucking fortune 500 companies but not a fucking library. One only hopes that anonymous could turn the tables on these slimy thieves.
    • Re:I'm Angry (Score:4, Insightful)

      by HiThere ( 15173 ) <charleshixsnNO@SPAMearthlink.net> on Monday January 23, 2017 @08:00PM (#53724967)

      I think you think this was a targeted attack, but personally I really doubt that. I think it was a target of opportunity seized by some automated bot. Which doesn't mean you should think more kindly of those who released it.

    • It's called, "phishing," for a reason.

      Throw enough bait into the water and you might catch a bass.

      Of course, you might catch a boot.

      • never caught a boot but i did catch a a full sized bed mattress loaded with hooks and lures...3 feet from the shore along the Schuylkill river under a bridge kids swam under every day ...me included ..catfish,eels but rarely bass :}
    • These vermin will go after anyone. I've seen carefully targeted spearphishing attempting to steal from a charity for terminally ill children. Stealing from a library is nothing for these scum.
    • It takes a special kind of asshole to attack a library; a place where people go to learn and access the internet.

      ^^^^^^^^^^THIS.

      -

      Why go after one of the poorest resources and attack those that have the least to give?

      Because the people that do this are scumbag losers without a shred of self-awareness. Sadly, some people just like to break things and fuck shit up.

  • Mostly reminds me of my experiences as a volunteer trying to support the public-use computers in the Austin Public Library. That was almost 30 years ago, way before we had anything like network access problems. Basically I wound up just wiping the systems every time I visited and restoring them as well as I could to their "legal" condition. The big problem in those days was just pirated software, especially an expensive CAD package, but the big threats these days are keyloggers intercepting passwords used f

    • by PCM2 ( 4486 )

      The big problem in those days was just pirated software, especially an expensive CAD package, but the big threats these days are keyloggers intercepting passwords used for email and data stored in the network...

      Aw, man. I've never had need to use a library terminal for any work other than looking things up in the catalog, so I never gave it much thought. Now I'll never look at one of those public terminals the same way again.

      I've used internet cafes in Europe, but even years ago those would be automatically re-imaged after each customer logs out. I don't think the libraries here do anything of the kind. Imagine how many Gmail and Facebook accounts you could gain access to, even if they re-imaged the systems once p

  • by mmell ( 832646 ) on Monday January 23, 2017 @07:59PM (#53724959)
    First - paying ransomware is not too far removed from negotiating with terrorists (IMHO, YMMV). If a ransomware scammer manages to kidnap your data, paying him or her only encourages more such attacks. Being given a big middle-finger (along with the bad press it generates) will only leave these data kidnappers to hide their involvement and hope they never get caught.

    Second - St. Louis' libraries almost certainly can't afford to pay even one of these mutts. Libraries were once magnificent places where people went to read and borrow dead-tree media (a.k.a., books, although periodicals and reference works were also available there). While libraries have become the one publicly available free-as-in-beer places to get internet access, their core mission of providing free access to reference, literary and other materials was not directly impacted by this. One could still walk into a library, look up a desired text in the card catalog and physically access a nearly exploit-proof repository of knowledge and information. They don't have budgets for IT security which would prove to be exceedingly difficult to provide on hundreds of publicly accessible computers, nor do they have a mandate to provide electronic services.

    Third - and this ties back to second - libraries in general don't have a budget for public IT. They can't afford the expertise to implement FOSS when the vast majority of the people who will maintain and use the provided services are not trained to use it. Even on their web presence, ease of implementation (which probably contributed to this problem) equals lower TCO for them.

    • by Altrag ( 195300 )

      not too far removed from negotiating with terrorists

      There's an enormous gulf between locking someone's data and blowing them up. We tend to be a lot harder on people who murder innocents than those who just steal money (well, as long as its somebody else' money of course.)

      physically access a nearly exploit-proof repository

      Sure you can access it, but most library usage of the book variety is loan-based since few people want to actually sit in the library for hours on end while reading. And the systems that track the book loans are all computerized these days.

      This particular library could potentially lose a

      • not too far removed from negotiating with terrorists

        There's an enormous gulf between locking someone's data and blowing them up. We tend to be a lot harder on people who murder innocents than those who just steal money (well, as long as its somebody else' money of course.)

        Yes and no. Yes, it's a far worse crime to blow things and people up, than is it to ransom their data. However, the way we deal with these two types of crime really should be the same. No deals. The more times we cave in to ransomware the worse this type of attack will get. If criminals can make money off it, they are definitely going to try to infect more computers. If no one will pay, the crime will simply go away since it's not profitable.

    • Third - and this ties back to second - libraries in general don't have a budget for public IT. They can't afford the expertise to implement FOSS when the vast majority of the people who will maintain and use the provided services are not trained to use it. Even on their web presence, ease of implementation (which probably contributed to this problem) equals lower TCO for them.

      I'm not so sure this is accurate. I would think the library system's computer needs would be handled by the City's IT department (and cities have these now.) But really depends on the locality, I suppose. But libraries are generally administered by the city government they reside in which would in turn mean they should be under the control of the city's IT department, which definitely has a budget.

    • by Ichijo ( 607641 )

      They don't have budgets for IT security which would prove to be exceedingly difficult to provide on hundreds of publicly accessible computers

      What's so expensive about building a Knoppix CD, duplicating one for every public computer to boot from, and removing all their hard drives?

  • Do I need to say it again? A good back up strategy would get them back on line pretty soon - a few hours if not less.
    • The "strategy" part is crucial, though.

      Before I retired, I backed up every single night to external hard drives (EHD).

      Every fucking evening, for 18 years, I'd take last night's backup home and bring those drives back in the morning.

      I'd put in "today's" tape and take last night's home with me again.

      I had seven (7) EHD and every Wednesday I'd delete an innocuous file on each server and restore it from the EHD.

      The object is not to get stuff ON the EHD as much as it is to get the data back OFF the EHD.

      If a serv

      • I guess I should have added the in addition to a good back up strategy you must have a good restore strategy. When there are hundreds or thousands of computers in a networked system, getting them restored can be a challenge. After all, who knows which one originated the cascade of infection. For a system available to the general public such as this library system the infection may not have been an Internet source but from a library visitor.
        • Good point.

          A good backup strategy includes off site copies as I did, taking the EHD home each day.

          I've been retired 2 years now and I'm not up to speed on the state of the art.

          Can cloud backups be encrypted by local server infection of ransomeware?

          I searched, but didn't find a definitive answer.

          • Can cloud backups be encrypted by local server infection of ransomeware?

            The short answer is "yes".

            If it's not literally offline (disconnected) then it's susceptible to corruption, period.

            I keep three sets of backup drives, rotating through them periodically with the last two drives stored in a safety deposit box at a local bank.

            • I do like the 100% off site backup idea.

              During my career of 34 years, I had two (2) things that scared the shit out of me:

              1.) No backup
              2.) Malware or security breach

              I had a Novell 3.1 server crash on me at 5:30 pm and Novell worked with me till 6:30 the next morning rebuilding it.

              It was broken at the core and we didn't lose any data.

              Didn't need the backup tapes then (no such thing as EHD), but I had them.

              I had my share of infected computers, but it was all single-box shit.

              Viruses ruled the day back then.

              Lat

    • by swb ( 14022 )

      The problem with really good backup strategies is they are also really expensive, being demanding of disk I/O and disk capacity. We joke sometimes that based on usage patterns, many customers should run production on backup storage and backups to production storage because backup uses more IOPS, throughput and capacity than primary.

      I don't know what their systems or processes are like in St Louis or what they had to restore, but a smaller library I worked with once had something like 5 TB of production dat

  • When you see a phrase like "a particularly virulent form of computer virus", that usually means "We don't even have basic protection on our systems, so we will make it sound as if the virus is really really mean".
  • I know it's not really important, but seriously? St. Louis has 16 libraries?

    I did a quick count, and the city of 1.4 million people I live in has 59 libraries. St. Louis has 2.9 million people. Very few of them read apparently.

    • by Anonymous Coward

      St. Louis *City* has only 315 thousand people. The city 'divorced' itself from the county in 1876. The greater St. Louis area has 2.9 million. Most the surrounding municipalities are part of the St Louis county public library system ( http://www.slcl.org/ ) which is separate from the city's library system (http://www.slpl.org/ ) . Other surrounding municipalities just roll their own ( http://kirkwoodpubliclibrary.org/ )

      http://www.riverfronttimes.com/newsblog/2010/05/04/the-great-divorce-everything-you-ever-

    • While the MSA has 2.9 million, St louis proper only has 316000. Those libraries serve the residents of the City, not the entire MSA. The communities of the MSA have their OWN libraries.

      16 for 316000 is actually a fairly high ratio.

    • I live in a city with a library district that covers the city, a couple of small/medium size towns and some unincorporated county area with a service population of about 475,000 to 500,000 or so. Not all towns or the county are part of the district. There are 17 branch libraries including three very large locations plus a bookmobile, containing 2.5 million books, 50,000 ebooks for download, many thousands of music CDs and DVDs. The great thing is that by using the Web, one can put a hold on material and hav
    • The city of St. Louis has about 300,000 people, the county and even part of Illinois is included in your 3 million number. They all have their own libraries. I live in St. Louis, there are 2 libraries within 2.5 miles of my house (one is less than 1.2 mile, the other is the central public library which has awesome architecture and lots of art).

  • "Libraries in St Louis have been bought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims".

    Do you mean a Windows Word Macro virus?
  • STILL WORK!

    The only danger to them is the occasional termite

No extensible language will be universal. -- T. Cheatham

Working...