The St. Louis Public Library's director said all patron services have been restored after a ransomware attack against the library on Jan. 19.
In a statement, posted at slpl.org, Waller McGuire said:
"First, our main concern was investigating whether any personal information had been exposed by this attack. Because of the way our system is designed, patron information, such as addresses and phone numbers, is held in a remote location and kept secure. It was not accessed. If you have used a credit card at the library, that information has been recorded only on secure, encrypted lines by banks. It was not accessed."
He also confirmed that the library did not pay the bitcoin ransom demanded by hackers.
Services were shut down on Jan. 19, with checkout and computer use unavailable.
McGuire said: "We were able to restore the ability to check out materials on Jan. 20, and began making “reservable” computers — the hundreds of computers patrons use throughout St. Louis to access the digital world — available on Jan. 21. Free printing for patrons was one of the last public services to be restored last week."
He also said that a St. Louis company had given the library system more security: "The Library met with the owners of Bandura, who have supplied SLPL, free of charge, a sophisticated new layer of protection for our network. The owners made this major gift because they have a long history with the St. Louis Public Library, and understand the importance of the Library’s mission. I want to thank Suzanne Magee and her colleagues at Banduras, LLC on behalf of the Library."
Some staff members' computers are damaged and need to be erased and "reconstructed."
McGuire said the hack was achieved through a 4-year-old library voicemail server.
"We are well aware that our network is constantly probed for vulnerabilities. Staff immediately locked down additional aspects of our network on discovering the attack. The FBI was able to identify the ransomware used in the attack and how it operates. Tracing it through our system, we identified a small voicemail server as the point of entry. The server is 4 years old — well within its service range — but hackers were able to break into it and use it as a link to other more key equipment."