The attack on the city’s libraries follows a similar event that shut down the school district’s networks, crippling operations for three days. County officials called the FBI as soon as attack was confirmed.
(TNS) — The Onondaga County library computer system was disabled last week by the same ransomware as the Syracuse school district, but thus far the county has not received a ransom demand, officials said today.
FBI agents are working with county library officials and private contractors to investigate, said Virginia Biesiada, a library trustee.
The city school district, which was attacked first, has received a demand for ransom, a knowledgeable source says. School district officials have declined to confirm or deny that.
The library system’s computer network was disabled July 12 by Ryuk ransomware, the same malware that crippled the school district system three days before, according to Justin Sayles of the county executive’s office.
Ryuk has been linked to a criminal group known as Grim Spider, which experts at cybersecurity firm CrowdStrike suspect is based in Eastern Europe. Ryuk has been used to attack large companies and government institutions during the past year, according to several news reports. The ransomware is apparently named after Ryuk, a fictional character in a Japanese graphic novel series, “Death Note.”
County officials called the FBI as soon as the attack was confirmed July 12, Biesiada said. There is still no estimate of when the network will be restored, she said. The school district computer system was attacked July 9.
Libraries remain open and continue to lend materials and to conduct regular programs. But the ransomware has disabled the countywide card catalog. Phones and WiFi service in the downtown central library and city branches also are disabled.
Ryuk has been used to attack a variety of targets in the United States in recent months, including a North Carolina water utility, two cities in Florida and several newspaper printing presses, according to news reports. The malware typically installs itself after someone on the system opens an infected attachment or link received via email.
©2019 Syracuse Media Group, N.Y. Distributed by Tribune Content Agency, LLC.