Ransomware attack behind Toronto Public Library service interruption, library says

A ransomware attack is behind a more than week-long service interruption at Toronto Public Library, the library says.

TPL confirmed the nature of the attack in a statement Tuesday morning, saying it has "engaged with" third-party cybersecurity experts and law enforcement to help resolve the situation.

"TPL has proactively prepared for cybersecurity issues and promptly initiated measures to mitigate potential impacts," the statement reads.

Telephone lines and wi-fi are still operational at all library branches, which are open as scheduled, the TPL statement says.

TPL spokesperson Ana-Maria Critchleytold CBC News there's still no evidence that any personal information related to customers or staff has been compromised.

Service disruptions affecting users

While the attack is being investigated, some library users say the service interruption is an inconveniene.

Sharon Elaine, an artist in Cabbagetown, says she uses the computers at her local branch to write and work on projects.

"I have to get projects practiced and done," she told CBC. "I have to do [them] by pen and paper."

Kyle Simmons says he goes to the branch near College and Spadina regularly to take out books and movies. He says that's been a little less efficient this week, but he's more frustrated with the loss of digital borrowing, saying he streams and borrows books digitally all the time.

However, he says these amount to small annoyances, and he's not worried that TPL has blamed the interruption on a ransomware attack.

"I don't know what sensitive information they could get other than I guess my name and address and the weird books I read," he said. "I'm not overly concerned."

Toronto's mayor had a similar reaction when asked Tuesday about the attack.

Mayor Olivia Chow said the city will look into the attack and that she hopes computer and printing services return quickly for those who rely on them. She added that she doubts whether any personal sensitive information could have been stolen.

"I don't think we collect important information. We don't ask people for money in libraries."

Why target a library?

One expert says it's not surprising a library might be targeted as cyberattacks are become more common for public institutions in general.

Charles Finlay, executive Director of the Roger CyberSecure catalyst at Toronto Metropolitan University, says ransomware attacks often involve leveraging illegally collected sensitive information for money. Arecent attack on five Ontario hospitals has led to health information being published publicly on the dark web, for instance. Butthat's not the only goal, he says.

Sometimes, attackers simply ransom control of an institution's digital infrastructure, Finlay says. Without knowing the full scope of the situation, he says he believes that's likely the case here.

"In Canada and around the world right now, it is a multi-billion dollar criminal industry that is highly resourced, it's highly innovative, and is, unfortunately, highly profitable for the ransomware gangs that launch these attacks."

Finlay says the TPL was right to be transparent with the public about the attackand to have had a plan in place for such an event.

"It is not a question of if an institution like the public library or other public sector institutions are going to be attacked, it's a question of when," he said. "So every institution needs to have a plan in place."

Finlay says law enforcement often advises institutionsagainst paying these ransoms to avoid encouraging future attacks, but that can be a difficult decision when accessto critical digital infrastructure and personal data is at stake. Ultimately it's up to the individual institution, he says.

TPL has not commented on who might be behind the attack, what they want, or how the library plans to address it.