Cybersecurity incident at Calgary Public Library suspected ransomware attack

The Calgary Public Library says its teams have confirmed last week’s cybersecurity incident was the result of an attempted ransomware attack.

“As of today, we can confirm our cybersecurity team’s suspicions that this was an attempted ransomware attack that our monitoring systems blocked,” it said in a statement on Friday.

“As part of our containment protocols, we proactively shut down all servers and systems. The library was not associated with any threat agent.”

On October 11, a cyberattack forced the closure of all 22 physical public library locations across the city.

These locations only reopened on Wednesday of this week, but continue to offer modified services as the organization continues to experience disruption due to what the library described as a “discovered cybersecurity breach.”

Patrons currently have access to library spaces and services that do not require technology.

“Libraries are a fruitful destination”

Ritesh Kotak is a Toronto-based cybersecurity and technology analyst who has been following the news out of Calgary. Kotak said there is no typical timeline for how long it might take to safely restore all operations.

“It depends on the complexity and simply the number of systems involved. … It just takes a while if you want to be thorough,” he told CBC News on Friday.

He said securing the system is not a simple series of procedures and every system is different.

“It appears the Calgary Public Library had the proper protocols in place and did everything right.”

As for the information that was accessed, the Calgary Public Library said it is still investigating the incident and is working to determine whether any staff or member data was affected.

According to Kotak, a ransomware attack typically occurs when a system is infected with malicious software, most often due to suspicious email links being lost.

“Libraries are a rich destination, and the reason is they have a lot of data,” Kotak said.

“When you start getting people’s names, addresses, phone numbers, email addresses and potential payment information, you can take that data with you, and that has financial value to hackers and fraudsters.”

He said that data could then be used for crimes such as identity theft or any other way hackers want to exploit data to make money.

“Think of all the times we hear about hacks and security breaches,” he said.

“If you take the information from the public library and then mirror it with information from other hacks and correlate that information, it creates a pretty intrusive picture of a person.”

The library says it will keep the public updated as more information becomes available, including reporting any privacy implications.