An update on the ransomware attack

As of today, Monday, January 30, all St. Louis Public Library technology used by patrons has been restored to service after having been interrupted by a ‘ransomware’ attack on January 19. 

We were able to restore the ability to check out materials on January 20, and began making “reservable” computers – the hundreds of computers patrons use throughout St. Louis to access the digital world – available on January 21. Free printing for patrons was one of the last public services to be restored last week.

For most patrons, the Library was functioning normally a day or two after the attack. In truth, much work remains to be done behind the scenes. 

Once we had regained control over our network, staff made patron services our first priority. Therefore, many individual staff computers are still affected, and must be completely erased and recreated. This is inevitably affecting how we can respond to some requests for information and help. We continue to identify, isolate and repair the damage that was done, but I expect it will be several weeks before we feel we are completely restored.

What Happened?
On January 19, criminals hacked into the Library’s very extensive computer network and succeeded in damaging or encrypting the computer files that run the network. When staff went to bring up the network for public use, they found a ransom message demanding payment through an anonymous account in order to be given the encryption code to restore our network.

I want to repeat two assurances to the community:
First, our main concern was investigating whether any personal information had been exposed by this attack. Because of the way our system is designed, patron information, such as addresses and phone numbers, is held in a remote location and kept secure. It was not accessed. If you have used a credit card at the Library, that information has been recorded only on secure, encrypted lines by banks. It was not accessed.

Second, the St. Louis Public Library never paid any ransom. Staff brought the demand to me within moments of discovering it, and we were on the phone with the FBI moments later. Although I understand that the decision to pay can be complex for many institutions and companies, SLPL never considered it.

Some portions of our system remained unaffected and continued to be heavily used throughout our recovery. SLPL’s website, including the catalog and downloadable materials, remained active and busy. Our powerful wireless network remained in heavy usage in all of our locations.

How Has the Library Responded?
I deeply regret that criminals were able to find and exploit a weakness in our network, and interrupt important Library services to thousands of you across St. Louis. 

Patrons and taxpayers have every right to expect Library services to be protected and accessible, to know what happened, and what is being done to prevent it from happening again.

Library networks are very different from private or most government networks: our mission is to provide open and free access to information for all. Thousands of St. Louisans depend on our computers and networks every day to access a world of vital information and services.  Balancing that demand for open access against the need for protection takes a great deal of staff work and expense. 

We are well aware that our network is constantly probed for vulnerabilities. Staff immediately locked down additional aspects of our network on discovering the attack. The FBI was able to identify the ransomware used in the attack, and how it operates. Tracing it through our system, we identified a small voicemail server as the point of entry. The server is 4 years old – well within its service range – but hackers were able to break into it and use it as a link to other more key equipment. 

The voicemail server is offline. I mention this because many are curious about how the attack occurred; and because a number of security experts have inspected their own voicemail servers on learning of this attack. Our protection systems and software were sophisticated and up-to-date, yet we were successfully breached. We continue to study and lock down our vulnerabilities as we restore systems.

I would like to mention one aspect of our response because it has been a gift to us. A local company, Bandura, supplies hacking protection to a variety of private and government agencies. The Library met with the owners of Bandura, who have supplied SLPL, free of charge, a sophisticated new layer of protection for our network. The owners made this major gift because they have a long history with the St. Louis Public Library, and understand the importance of the Library’s mission. I want to thank Suzanne Magee and her colleagues at Bandura, LLC on behalf of the Library.

SLPL will not be done with this incident for some time, but I hope the thousands of you in our buildings and on our website today only find a fully functioning and openly accessible public library.

I would like to thank the FBI and other security agencies for responding quickly, and for continuing to investigate this disturbing crime.  The public has every right to expect excellent service from their public servants, but I would like to thank my colleagues at the Library who responded with skill and passion. There were many 48-hour days and much exemplary work trying to quickly give the Library back to our patrons. Staff here believe deeply in the mission of the Library and I’m proud of them. Many of you have expressed concern and support, and we thank you for it.

I feel public libraries are a deeply American idea.  Libraries embody the belief that our communities improve themselves by providing open access to the vital world of information and learning. That everyone in our community is enriched when anyone can walk through our doors and help themselves to the rich resources we offer. Increasingly those resources are digital and accessed online.  This attack attempted to hold information ransom. That frightens and angers all libraries and librarians, and it should anger you.

I am sorry for the interruption of key services at your Library.  The St. Louis Public Library is working hard to be the excellent Library you need and deserve.

Sincerely,

Waller McGuire
Executive Director of the St. Louis Public Library