Seattle Redditors Respond to Ransomware Attack on Public Library

Date: June 24, 2024

Recently, the Seattle Public Library (SPL) fell victim to a ransomware attack orchestrated by a cybercriminal gang. This attack not only disrupted library services but also triggered significant reactions from the local community.  

We aim to showcase the diverse responses of locals as expressed through a Reddit post directed at the attackers and its comments, which reflect the community's concerns, knowledge, and experiences related to the incident.  

By analyzing these reactions, we gain valuable insights into the community's stance on cybersecurity and their collective efforts to address the challenges posed by such cyber threats.

On May 25, 2024, during a planned maintenance period over the Memorial Day weekend, the SPL fell victim to a ransomware attack. This led to a severe disruption of digital services, affecting staff and public computers, the online catalog, e-books, in-building Wi-Fi, and the library website.  

The library had to revert to manual processes for book checkouts and other operations, significantly impacting the usual convenience and efficiency of services. Despite these challenges, the library's 27 locations remained open, and some digital resources were gradually restored by mid-week.

A Reddit post "To the person who sent the ransomware to the Seattle Public Library..." by user ladicair from Lake City expressed intense anger towards the perpetrators, condemning them for the severe inconvenience caused. The post highlighted how the attack crippled the library's ability to function, especially affecting those who rely heavily on its resources. The post quickly gathered a whopping 2.4K upvotes from platform users.

User ladicair writes: "You should burn in the lowest circle of hell. Their website is a crucial part of the library system, and having it be offline for more than a week is more than just a nuisance, it's crippling their ability to do things like check in books. I regularly use the website to look up what's new, and have had no luck with that (obviously). My books are about to go overdue, but they won't take them because they can't check them in with the system down. I depend on the library and the website since I am a book addict - I read 6 - 10 books a week. You probably are giggling over the amount of trouble you've caused, you useless excuse for a human and waste of carbon."

The Reddit thread quickly became a hub for discussions about the attack, with residents sharing their concerns, knowledge, and personal experiences. Many agreed with the poster's outrage at the attack on their beloved public library. They expressed how they were personally affected or how they knew locals who were being affected.  

The depth of the attack was evident: patrons could not check out e-books or audiobooks, the physical libraries were affected as well, with problems such as non-functioning printers, and the check-out and return of books were disrupted.

Users shared their knowledge of ransomware, their concerns regarding the motives behind the attack, and the targeting of public institutions. They showed support and resilience by sharing updates, alternative solutions, and temporary fixes to help their fellow locals and Redditors.

Concern over the disruption of systems crucial to public use was expressed by numerous users. Redditors commented on the inconveniences faced by students who rely on the library for research and digital resources.  

They discussed needing to find alternatives, such as using old technologies, less useful resources, or even requiring third parties for help—tasks that the library typically provides tools to accomplish:

"I need the newspaper archive for a school project and haven't been able to get anything done for days now. Microfilm is so much harder to use than the simpler online service..." ~ EPLWA_Is_Rele****

"Yeah, even shutting down any printing that you might need is rough—I can’t print out some critical documents, and I only need to print things once a year. Now I need to find an alternative venue. Very annoying..." ~ unpuzz****

One local even claimed to have purchased a printer due to the situation. They recounted going to a library branch to print copies of their resume for a job interview, only to find the service unavailable. Scrambling to find an alternative printer, the resident remains frustrated by the inconvenience caused by the attack.

Several commenters shared their knowledge and personal experiences with ransomware attacks, providing a deeper understanding of the issue and empathizing with the victims—both workers and individuals who need the hacked services.

"My hometown had this happen to their public transit disability services. They had to do complicated ride planning all by hand for more than a month. It greatly impacted thousands of vulnerable people and the workers who probably really burnt out over the period. AWFUL, no excuse hacking." ~ SpicyPossumCosmo****

"You think that’s bad, they did CHI (6+ local hospitals and affiliates) last year and just hit Ascension. People died last year and are currently dying in Ascension facilities." ~ Top_Temperature_****

Some users voiced concerns about the practical impacts on their daily lives, reconsidering turning in their borrowed reading materials or being conflicted about due dates. Some even made trips to the library, unaware that late fees had been halted, wanting to do right by the library.

"Your books won't be counted as overdue. I spoke with a librarian yesterday and was told to just hold on to the book until the system is back up." ~ puntific****

"My friend is a librarian, and she's telling me this, yet people keep dropping off books. They're keeping paper records of check-ins and check-outs as best they can, but at some point, someone's going to have to type it all into a computer if those records are to be retained. They can't just store all the books that arrive on a given day and wait for the system to get back up, because A) it could be months until they recover, and B) it is the nature of libraries to store books in the stacks." ~ Sunf****

Meanwhile, public outrage is common when attacks on public services affect vulnerable and at-risk individuals. Typical targets include institutions relying on public funding and private and public organizations that care for the ill, elderly, disabled, and children, such as schools, non-profits, cancer treatment centers, and hospitals.

The anger towards the attackers becomes palpable, with many comments expressing frustration and disdain towards the criminals:

"I sure hope that they can be charged with the deaths of those patients." ~ saxro**** (in relation to another ransomware attack that targeted a health services and hospitals entity)

"Agreed, what a piece of sh*t going after an innocent public service that helps so many." ~ ImpressiveAppeal**

Some comments reveal common myths and knowledge about ransomware attacks. One common myth surfaced in suggestions or comments about the library paying the ransom demanded by the criminals, highlighting the need for better public awareness and education.

However, there were also some user insights about the strategies ransomware groups use when targeting entities, such as exploiting vulnerabilities in potential victims rather than having a clear motivation to attack a specific institution.

"Ransomware isn't usually a targeted kind of thing. It's more like a 'send it everywhere and wherever we can find a weakness go there' kind of thing. The reason hospitals, libraries, etc., fall victim is because they have atrocious cybersecurity investment, training, and practices. Not because some dude was like 'Hey, let me attack the library for all that sweet cash'... These attacks being successful are usually the fault of an employee doing silly stuff they shouldn't be doing." ~ bi****agof**

Another frequently seen reaction is users quickly speculating about the broader geopolitical motives behind such attacks, often pointing fingers at state-sponsored actors. While there’s some truth to this, based on previous cases in national and international law, most groups make it clear that their purpose is purely economic profit, regardless of their location or nationality.  

Politically motivated cases usually have a huge impact and are easily picked up by media outlets, further pushing this belief:

"There is no giggling. It's not a prank. It's almost certainly a Russian professional hacking organization acting with their government's endorsement if not outright employment. And yes, **** them, and more precisely the whole Russian government." ~ ImRightImR****

But what shines through the post is the deep affection for public libraries and concerns about their funding, both prior to and following the attack. The overall sentiment is that public libraries, which are already operating on tight budgets, are now even more vulnerable due to the additional financial strain caused by ransomware attacks:

"I totally understand how this happened. Libraries and their staff aren’t valued by people like they should be, so they work on a crazy tight budget. What I don’t understand is how there are huge businesses here that could be helping the library right now and they aren’t doing anything. I just feel like in times like this they should be donating to the library or at least offering some help with making sure this doesn’t happen again." ~ snoorabbits****

Indeed, the Reddit post has served the community like a citizen’s assembly, where Seattleites discussed a serious issue with a strong sense of community, providing an interesting perspective on how cybercrime can impact our daily lives.

A post from the West Seattle Blog provides us with additional context and details about the Seattle Public Library (SPL) attack, emphasizing the library's response and recovery efforts. The library engaged third-party forensic specialists, contacted law enforcement, and took all systems offline to prevent further damage.  

The SPL's communication strategy focused on transparency, with regular updates provided through their Shelf Talk Blog. This approach helped maintain public trust and kept patrons informed about the status of services.

Cybersecurity experts, as cited in a detailed report on the attack, recommend several measures for preventing similar incidents in the future. These include comprehensive recovery and rebuild plans that are periodically tested, two-factor authentication to enhance security, regular system updates and patches to minimize vulnerabilities, and strict access controls to limit access to critical systems.

The ransomware attack on the Seattle Public Library has had a profound impact on both the institution and the community it serves. The reactions on Reddit provide a snapshot of the community's concerns, knowledge, and resilience in the face of such challenges. From practical suggestions on cybersecurity to heartfelt opinions about the attackers, the discussion offers a comprehensive view of the local response.

This is not the first time library patrons have turned to Reddit to discuss ransomware attacks. Back in October 2023, and throughout the following months of affected services and systems, /r/Toronto became flooded with posts from users regarding the Toronto Public Library ransomware attack perpetrated by the BlackBasta group. Locals used the subreddit to provide updates, share their thoughts, and recount their experiences in the public forum.  

The vulnerabilities faced by public institutions are increasingly evident in today's landscape, with attacks becoming more frequent and widespread in our daily lives, whether at work, through hired services, in public services, or even in our news feeds.

Libraries and other public services must continue to evolve in the digital age. Safeguarding their digital infrastructure can no longer be overlooked or delayed, as it is now essential to ensure they can continue to serve their communities effectively.  

In 2023, the education sector reported the highest rate of ransomware attacks, with 80% of lower education and 79% of higher education providers affected, a significant increase from previous findings.  

Compromised credentials and vulnerabilities were, in fact, the most common causes, with emails being the starting points for nearly one-third of the attacks. By learning from past attacks and implementing recommended measures, libraries can enhance their defenses and remain a cornerstone of public access to information and services.



Further Reading:

For more detailed discussions and community reactions, visit the original Reddit post in /r/Seattle.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.