Ransomware gang RansomHub today claimed responsibility for a cyber attack on the Delaware Division of Libraries that caused a statewide internet outage at more than 30 libraries.
Delaware libraries lost internet access starting Friday, September 20, 2024, when hackers attacked servers used by library computers. Internet access and printing on library computers is still unavailable as of time of writing, and a few libraries are temporarily closed due to the attack.
The Division of Libraries has not verified RansomHub’s claim. Attackers demanded about $1 million to restore the library’s systems, according to the Division director, who says she instructed the Division to not pay the ransom. Instead, the Division says it will rebuild its systems but gave no timeline on when that will be completed or when internet access will be restored. Wi-fi is still available, but library computers are cut off from the internet and printers.
In addition to disrupting library internet access, RansomHub claims to have stolen 56.4 GB of data. The director told Spotlight Delaware that the catalog and patron info was not affected by the attack.
We do not yet know how attackers breached the Division’s cybersecurity or what the allegedly stolen data contains. The Delaware Division of Libraries responded to Comparitech’s questions with the following statement:
“We can confirm that this incident was caused by ransomware. The investigation is still ongoing, and we will provide updates as we have them.”
Who is RansomHub?
RansomHub runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health.
RansomHub claimed responsibility for 44 confirmed attacks so far this year, according to our data, affecting more than 4.7 million records. Its other recent attacks on government entities includes those on Prasarana Malaysia Berhad (Malaysia), La Cité internationale de la bande dessinée et de l’image (France), Primăria Municipiului Timişoara (Romania), and MINEDUC Ministerio de Educación (Guatemala).
RansomHub claimed another 239 unconfirmed attacks so far in 2024.
Ransomware attacks on US government
Ransomware attacks on government organizations can disrupt public services and put the people who use them at risk of fraud and identity theft. Ransomware attacks can lock down computers by encrypting the data stored on them until a ransom is paid for a key to decrypt them. They can also steal data that attackers use to extort organizations and their users.
Comparitech researchers have logged 64 confirmed ransomware attacks on US government targets in 2024 so far, including local governments, libraries, and law enforcement agencies. Another 239 such attacks have been claimed by ransomware groups but not acknowledged by their targets.
Other recent ransomware attacks on US government entities include those on the town of Ulster, NY; the Seattle-Tacoma International Airport; and Franklin County, KS.
About the Delaware Division of Libraries
Headquartered in Dover, the Division of Libraries is Delaware’s official library agency. It’s responsible for Delaware Library Access Services, issues library cards, and runs the Delaware Library Catalog. The Division’s website lists 33 libraries located across New Castle, Kent, and Sussex Counties.