The 2023 Rhysida Ransomware Attack on the British Library

Prioritisation, Expertise, and Funding Issues

Authors

  • Frank Houghton Technological University of the Shannon
  • Michael Winterburn Technological University of the Shannon
  • Ken Oakley Technological University of the Shannon

DOI:

https://doi.org/10.5860/ital.v44i1.17112

Keywords:

Cybersecurity, ransomware, British Library, Identity

Abstract

The British Library is a flagship library that plays a pivotal role in the UK learning and research infrastructure, in addition to being a central conduit for international library linkages. However, in late October 2023, this premier institution was the subject of a cyberattack that has left it crippled. The Rhysida group perpetrated this catastrophic ransomware attack. Underfunding and threat identification are explored as potential weaknesses resulting in deficiencies in the British Library’s online security systems. To help prevent further such assaults in libraries, this Commentary also details what is known about the attack and how such breaches might be prevented in the future.

References

“#StopRansomware: Rhysida Ransomware,” CyberSecurity & Infrastructure Security Agency, November 15, 2023, https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a.

Alex Scroxton, “British Library Cyber Attack Explained: What You Need to Know,” ComputerWeekly.com, January 15, 2024, https://www.computerweekly.com/feature/British-Library-cyber-attack-explained-What-you-need-to-know.

British Library, “Learning Lessons from the Cyber-Attack: British Library Cyber Incident Review,” March 8, 2024,” https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf.

British Library, British Library Annual Report and Accounts 2021–22 (Department for Culture, Media and Sport and British Library, 2022).

British Library, British Library Annual Report and Accounts 2022–23 (Department for Culture, Media and Sport and British Library, 2023).

“Command and Scripting Interpreter: PowerShell,” MITRE ATT&CK, accessed January 15, 2025, https://attack.mitre.org/versions/v14/techniques/T1059/001/.

Connor Jones, “Cybersecurity Snafu Sends British Library Back to the Dark Ages,” The Register, October 31, 2023, https://www.theregister.com/2023/10/31/british_library_it_outage/.

“The Cyber Kill Chain®,” Lockheed Martin, accessed January 15, 2025, https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html.

“Cybersecurity Framework,” National Institute of Standards and Technology, accessed January 15, 2025, https://www.nist.gov/cyberframework.

Dalya Alberge and Fiona Parker, “JK Rowling’s Address Could Be on Dark Web After British Library Cyber Attack,” The Telegraph, December 5, 2023, https://www.telegraph.co.uk/news/2023/12/05/jk-rowling-personal-data-compromised-british-library-hack/.

“Data Encrypted for Impact,” MITRE ATT&CK, accessed January 15, 2025, https://attack.mitre.org/versions/v14/techniques/T1486/.

“Financial Theft,” MITRE ATT&CK, accessed January 15, 2025, https://attack.mitre.org/versions/v14/techniques/T1657/.

Frank Houghton, “Caught in Crossfire: Library ‘Troubles’ in Northern Ireland Exacerbate Ongoing Issues,” Journal of Radical Librarianship, 9 (2023):180–86.

Gareth Davies, “The Challenges in Implementing Digital Change,” HC 575, National Audit Office, July 21, 2021, https://www.nao.org.uk/wp-content/uploads/2021/07/The-challenges-in-implementing-digital-change.pdf.

Geraldine Kendall Adams, “Museums on Alert Following British Library Cyber Attack,” Museums Association, December 20, 2023, https://www.museumsassociation.org/museums-journal/news/2023/12/museums-on-alert-following-british-library-cyber-attack/.

Glyoon Kim et al., “A Method for Decrypting Data Infected with Rhysida Ransomware,” accessed January 15, 2025, https://doi.org/10.48550/arXiv.2402.06440.

House of Commons Committee of Public Accounts, Digital Transformation in Government: Addressing the Barriers to Efficiency, Seventieth Report of Session 2022–23, September 13, 2023, https://committees.parliament.uk/publications/41388/documents/204091/default/.

Jennifer Kurtz, “20 Cybersecurity Statistics Manufacturers Can’t Ignore,” National Institute of Standards and Technology, February 27, 2020, https://www.nist.gov/blogs/manufacturing-innovation-blog/20-cybersecurity-statistics-manufacturers-cant-ignore.

Lamoma Ash, “Thanks to a Shadowy Hacker Group, the British Library Is Still on Its Knees. Is There Any Way to Stop Them?,” The Guardian, February 6, 2024, https://amp.theguardian.com/commentisfree/2024/feb/06/hacker-british-library-cybersecurity-cybercrime-uk.

LibTomCrypt (Github), accessed January 15, 2025, https://github.com/libtom/libtomcrypt.

“Netlogon Elevation of Privilege Vulnerability,” Microsoft, updated February 11, 2021, https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472.

“Phishing,” MITRE ATT&CK, accessed January 15 2025, https://attack.mitre.org/versions/v14/techniques/T1566/.

“Ransomware Trends, Statistics and Facts Heading into 2024,” TechTarget, January 3, 2024, https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts.

“Remote Services: Remote Desktop Protocol,” MITRE ATT&CK, accessed January 15, 2025, https://attack.mitre.org/versions/v14/techniques/T1021/001/.

“Remote Services: SSH,” MITRE ATT&CK, accessed January 15, 2025, https://attack.mitre.org/versions/v14/techniques/T1021/004/.

“Rhysida Decryption Tool,” KISA, accessed January 15, 2025, https://seed.kisa.or.kr/kisa/Board/166/detailView.do.

“Rhysida,” SentinelOne, accessed January 15, 2025, https://www.sentinelone.com/anthology/rhysida/.

Rhysida Ransom Note graphic, CyberSecurity & Infrastructure Agency, accessed January 15, 2025, https://www.cisa.gov/sites/default/files/styles/medium/public/2023-11/Figure%201%20-%20Rhysida%20Ransom%20Note.png?itok=JtyDjHnc.

“Rhysida Ransomware,” Health Sector Cybersecurity Coordination Center, August 4, 2023, https://www.hhs.gov/sites/default/files/rhysida-ransomware-sector-alert-tlpclear.pdf.

Roly Keating, “Knowledge Under Attack. British Library,” Knowledge Matters Blog, December 15, 2023, https://blogs.bl.uk/living-knowledge/2023/12/knowledge-under-attack.html.

Rupert Goodwins, “Ransomware-hit British Library: Too Open for Business, or Not Open Enough?,” The Register, November 27, 2023, https://www.theregister.com/2023/11/27/british_library_opinion_column/.

“Threat Profile: Rhysida Ransomware,” SOCRadar, updated November 16, 2023, https://socradar.io/threat-profile-rhysida-ransomware/.

Tim Richardson, “UK Celebrates 25 Years of Wasteful, 'Underperforming' Government IT Projects,” The Register, July 23, 2021, https://www.theregister.com/2021/07/23/nao_govt_it_projects/.

Valecia Stocchetti, “Abusing Scheduled Tasks with Living off the Land Attacks,” Center for Internet Security, accessed January 15, 2025, https://www.cisecurity.org/insights/blog/abusing-scheduled-tasks-with-living-off-the-land-attacks.

“Valid Accounts,” MITRE ATT&CK, accessed January 15, 2025, https://attack.mitre.org/versions/v14/techniques/T1078/.

William C. Barker, William Fisher, Karen Scarfone, and Murugiah Souppaya, “Ransomware Risk Management: A Cybersecurity Framework Profile,” NISTIR 8374, National Institute of Standards and Technology, February 2022, https://doi.org/10.6028/NIST.IR.8374.

Downloads

Published

2025-03-17

How to Cite

Houghton, F., Winterburn, M., & Oakley, K. (2025). The 2023 Rhysida Ransomware Attack on the British Library: Prioritisation, Expertise, and Funding Issues. Information Technology and Libraries, 44(1). https://doi.org/10.5860/ital.v44i1.17112

Issue

Vol. 44 No. 1 (2025)

Section

Communications

License

Copyright (c) 2025 Frank Houghton, Michael Winterburn, Ken Oakley

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Authors that submit to Information Technology and Libraries agree to the Copyright Notice.