Three months after a debilitating ransomware attack hit the Toronto Public Library (TPL), its website is up and running again an important milestone in our recovery efforts, the library said.

Were just as eager as you are for things to get back to normal, TPL said in a post on X on Monday. Full recovery is a gradual process, and the end is in sight. Thanks so much for sticking with us!

TPL has said it expects its network of 2,000 public computers, which are a lifeline for those who depend on them to apply for jobs, housing and government services, to be available for booking early next month. The librarys popular online catalogue and the Your Account feature, which allow users to search for and reserve items, should be working again by late February.

The full and safe recovery of our services will take time, and we truly appreciate your patience and understanding during this challenging time, TPL said in a statement.

Canadas largest library system has said it refused to pay those responsible for the attack who have been identified as the Russia-linked Black Basta group. The library has alleged that those responsible stole a large number of files from a server containing employee information, including names, social insurance numbers, dates of birth and home addresses.

The stolen data might be published on the dark web, the library said. TPL has hired a cybersecurity expert to assess the extent of the breach.

The librarys cardholder and donor databases werent affected, but some data from customers, donors and volunteers that was located on the compromised file server may have been exposed, the library said.

It will take us time to analyze data to determine who is affected and how. We will continue to be transparent and notify those affected as appropriate and in light of our findings, the library said.

New details are also emerging about another ransomware attack earlier this month, targeting the Toronto Zoo.

The ransomware gang that stole the personal data of current and former zoo employees has identified itself as Akira.

In a post on its data leak site on the dark web, the international crime group believed to have formed last year says that unless the zoo pays a ransom, 133 gigabytes of data will be published soon, including nondisclosure agreements and personal documents, such as drivers licences.

The city-owned zoo will not pay the $1.6 million ransom demand, zoo board chair Coun. Paul Ainslie said in an interview on Monday. The zoo is working with Toronto police, city cybersecurity staff and outside experts to protect the computer system and ensure its not vulnerable to another attack, Ainslie said.

The zoo and the library have both offered current and past employees free use of a credit monitoring service for two years to check for signs of identity fraud using their stolen information.

The zoo didnt experience a major loss of website functions and the attack didnt affect the safety of animals, the zoo said.

Brett Callow, a threat analyst with Canadian cybersecurity firm Emsisoft, said Akiras targets are varied. Ransom demands can range from tens of thousands of dollars to more than $100 million, Callow said.

They dont seem to have a type of victim it seems to be any organization that could potentially pay, he said.

But even organizations that do pay might not be free of Akira, Callow said. In some cases, he said Akira has returned to those who paid ransoms, posing as a security consultant claiming that Akira still had sensitive data, which would require further payment to delete.

With files from David Rider.

Read this article:
Toronto Public Library website back online after ransomware attack - Toronto Star