Surviving Ransomware Attacks (PSA for libraries…and the rest of us)

It’s not often my worlds collide. Ransomware – malicious programs that lock up files and demand payment to recover them – landed at the crossroads of books and cyber crime this month. Libraries are falling victim to attacks.

Example of what a ransomware attack looks like to the victim.

For the record, I am not involved in any investigations I’m about to discuss. All of the information is public.

Last summer, libraries in Texas were hit with ransomware. However, those libraries were collateral damage in an attack against statewide government systems. The more recent events are different because the sole victim organizations are libraries.

On January 3, the administrative office of a county library was ground zero in an attack that took 26 libraries in Northern California offline. Some of the computers are still offline as I write this. On January 9, a library in Florida also fell victim. This is strictly an opinion, but I don’t think the bad guys are targeting libraries; I think the attacks are opportunistic. There’s no compelling financial reason to target organizations that don’t (generally) store sensitive data like credit card information or Social Security numbers. Rather, I suspect library employees are falling victim to a criminal tactic known as “spray and pray,” where bad guys send out large waves of spear phishing emails (emails with malware attachments or embedded links) to addresses exposed in breaches or gathered from public sources.

Whether you’re responsible for the safety and security of 1 computer, 100, or 1000s, ransomware prevention and recovery advice is the same:

Back up regularly and store the backups offline. Cloud-based backups don’t count – many ransomware families will target “live” backups. If you can reach your data easily, so can ransomware. Store your backups on offline (disconnected) devices, such as USB mass storage drives.

Keep up to date with security patches/updates. The 3 major operating systems (Windows, Mac, Linux) can be configured to automatically update. Also keep current with updates & patches on products from Adobe (Flash, Acrobat), Microsoft Office, and Java. If you choose not to auto update, go straight to the source when updating – do NOT just click because you see a prompt. This is a long-established bad guy trick. Here are links to the security update pages for these products:

Microsoft Office (for both Mac & Windows): https://support.office.com/en-us/article/Install-Office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5

Adobe: https://helpx.adobe.com/security.html

Java: https://www.java.com/en/security/

Install antimalware/antivirus. Keep it current, set it for continuous protection, and run regular full system scans. This includes you, Mac users.

Think before you click. Were you expecting that email? Or that document attached to an email? When in doubt, contact the sender to verify. Over 9 billion email addresses are now or have been compromised, which means bad guys can & do pretend to be someone you know to trick you into installing malware.

These steps are not a guarantee against mishaps and malware, but they’re a great start. The data you save may be your own.
