by Laura Bednar
All 19 branches of the Akron-Summit County Public Library were hit by a ransomware attack at the end of May.
Ransomware is a type of malicious software that prevents access to files, systems and networks. Perpetrators often threaten to release victims’ data unless a ransom is paid.
Carla Davis, marketing communications director for the Akron library, said she could not share details about the origin of the attack or what information was compromised because the attack is still under investigation.
Ransomware can penetrate computers in a variety of ways. The Federal Bureau of Investigation noted that people can unknowingly download ransomware through an email attachment, clicking an ad, following a link or visiting a website embedded with malware. Victims are told not to pay the ransom, because it does not guarantee systems will be restored and opens organizations to future attacks.
“Attacks like these are common across the country,” said Davis. This is the first ransomware attack she has witnessed in 23 years with the library and said it is the first attack, to her knowledge, in the library’s history.
A media statement from the library read, “Immediately upon learning of the incident, our team acted quickly to investigate and secure our systems. In addition, we have engaged external cybersecurity experts to assist in our investigation and response efforts.”
None of the libraries closed after the attack, though many services were unavailable for a time.
As of late July, the following systems have been restored: Akronlibrary.org; online catalog including My Account; phones, public Wi-Fi, public computers, public printing, public faxing and copying at all locations; in-person checkouts, returns and library card registrations; auto-renewal service; hold, overdue and renewal email notices; mobile app; digital collection including Libby, hoopla, Kanopy, IndieFlix, Qello and The Great Courses; and meeting room reservations.
Unavailable are mobile printing, catalog computers at all locations and online library card registration.
Davis said there is no timeline as to when the investigation will end.
If it is determined that any sensitive data has been compromised, such as library patron information, Davis said the affected individuals will be notified.
“I’m confident that with the cyberscurity experts’ help, we will make sure the system is secure going into the future,” said Davis, adding that the community has been understanding and the library appreciates their patience. ∞