The British Library is on its knees due to ransomware

5 January 2024
Rhysida, the new ransomware gang behind British Library cyber-attack

The ransomware attack that has held the temple of world culture at a standstill for more than two months

The attack

This time, attackers breached and seriously damaged a temple of global culture: the British Library, which, with its more than 170 million documents, including books, newspapers, magazines, maps, drawings, scores and manuscripts, is one of the most important libraries in the world.

The British Library, which was founded in London in 1973 and is visited every year by more than one and a half million people, is a stronghold of knowledge and culture: about 3 million new documents are added to its collection every year because it receives a copy of every publication released in the United Kingdom and Ireland; in its rich sound archive it holds recordings ranging from 19th-century cylinders to CDs, DVDs and MDs; in addition, it has a huge collection of about 8 million stamps and other philatelic objects.

According to the Times, if all the shelves on which the library’s books are stored were placed side by side, they would exceed 800 kilometres in length.

All this immense heritage has been inaccessible since 28 October, leaving not only the whole of the United Kingdom but the entire international community that had access to its services in a state of great concern.

The process of digitalising the archive, which began in the 1990s and encompassed billions of files, enabled access to everyone, so much so that there were about 10 million accesses every year.

Today all these resources are frozen, waiting for the tug-of-war between the Library and a notorious group of criminals, the Rhysida group, to end.

However, the Library cannot decide independently to pay to resolve the issue because it depends on the National Department of Culture, Media and Sport.

Data sold on the dark web: adding insult to injury

The group is believed to be active in Russia and is suspected of having carried out other cyberattacks as well, including those against the Chilean army, the University of the West of Scotland and the Kuwaiti Ministry of Health. In addition to blocking the Library’s website, online archive and paper documents that can only be consulted through the digitalised system, it auctioned a package of 490,000 pieces of personal data on the dark web at a starting price of 20 bitcoins, or about 780,000 euros. It also published copies of passports, driving licences and other documents believed to have been obtained in the attack on the British Library.

The attack, which is being investigated by both the police and the National Cyber Security Centre (NCSC), has sparked a debate in the UK over the security of public institutions’ IT systems, in particular those that are most critical from the point of view of personal data, such as schools and hospitals. According to the NCSC, hackers often target these systems because they are considered less protected than private ones.
In addition, according to the latest regulations, there is a risk that the institution may be held partly responsible for breaches of confidential information whose security it should guarantee. In short, it adds insult to injury. These measures were issued by the Information Commissioner’s Office (ICO) in the United Kingdom and aim to make organisations that hold sensitive data accountable.

In Italy

In Italy too, the Personal Data Protection Authority has decided that victims of ransomware attacks will be penalised, in particular if they have not taken steps to apply more stringent measures for data protection and cyber risk management.

In our country, there have been several attacks on public institutions in recent years. Hospitals are often subject to these breaches and are forced to pay significant ransoms to prevent their employee data and patient records from ending up at auction on the dark web. When the ransomware attack produces a personal data breach, it is up to the data controller to make all appropriate notifications to the data subjects and the Data Protection Authority.
Ransomware, as the name itself implies with its mention of “ransom”, is malware that infects computers and makes data inaccessible in order to demand a ransom for restoring it.

The threat generally comes via emails disguised as banking or other communications, which prompt users, typically employees or collaborators of a company or organisation, to download attachments or click on a link. This action installs software that works in the background, encrypting the files on the targeted computer so that the user can no longer access them.

From the point of view of criminals it is a relatively easy, profitable and therefore very attractive action, so much so that it has become one of the main threats that stem from the web.

For companies, on the other hand, the damage is enormous because, in addition to the actual ransom, they must take into account the interruption of their activities, the loss of or damage to data, which is often not restored despite the payment of the ransom, and, finally, the reputational damage.

Certainly, in recent years the situation has improved thanks to the Strategy for cybersecurity 2022–2026, which has enabled greater investments (in 2022, our country spent over 1.8 billion euros on cybersecurity, an increase of 300 million euros compared to 2021) and an increasingly widespread awareness.

The latest ransomware data

But there is still a lot to be done. Suffice it to say that, according to the most recent “Threatland” report, in Italy in the second quarter of 2023 the ransomware phenomenon grew by 34.6% compared to the previous quarter, and in November 2023 alone there were 89 ransomware attacks, the highest number since 2020.


To defend yourself and avoid falling into the trap, technical measures are always useful.

Among these, the most important measures are backup strategies, proper management of authentication credentials and the installation of monitoring and anti-intrusion systems to quickly detect any infection.

However, since these are methods of attack that exploit the human element by leveraging distraction or lack of knowledge, it is of fundamental importance to pay extreme attention to the actions carried out online, without neglecting any detail.

For companies and organisations, it is therefore necessary to invest in adequate cybersecurity awareness programmes, which provide correct and up-to-date training for all their employees.
Employees must be transformed from potential victims into the first line of defence. Faced with a barrier built on knowledge and ongoing practical exercises, it will be very difficult for criminals to break into the organisation and cause damage like that which occurred at the British Library.
