The Toronto Public Library (TPL) is still investigating after a ransomware attack rendered its network unusable and temporarily blocked access to its website and booking systems.
In a statement released on Friday, the TPL confirmed “that sensitive data may have been exposed.” Which prompted a further investigation “to determine the extent of the exposure and individuals affected.”
“We continue to actively collaborate with third-party experts to assess the scope of the exposure and individuals impacted. We anticipate the investigation will take some time to complete,” the statement read.
TPLoperates 100 branches and serves over 18.5 million people yearly, but the breach has prompted questions over the effectiveness of its cybersecurity measures, and it remains unclear when its systems will become fully operational.
Kim Crawley, a cybersecurity specialist, who has worked in the field for over 20 years for the likes of Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, Hack The Box, and Venafi told Now Toronto that ransomware is a specific type of malware, a harmful software code, that infects computer systems and encrypts information making the data on the computer inaccessible to the person using it.
“The attacker has the key to decrypt the code and therefore can gain access to the data stored on the hacked system,” she explained.
“In the case of a ransomware attack, the perpetrator will produce a ransom note to compel the victims to send them large sums of money in order to get their data back, “Crawley said.
Most cyberattacks are financially motivated and in their early days were aimed at individuals. Hackers would demand the victim hand over their credit card information for the return of their information, but that method proved relatively non-lucrative, so cyber criminals upgraded to large companies and institutions with access to sensitive data and significant sums of money.
Nowadays, cyber criminals tend to demand much larger payouts, usually in cryptocurrency, as transactions are harder for police to trace, though it is possible to do so, Crawley confirmed.
In days past, to fight off cyber attacks companies and public institutions would take mitigation measures by backing up and recording data to external hard drives, so if a ransomware attack occurred, they didn’t have to pay off the attackers because they could “ take and restore the data from their backup,” Crawley explained.
Modern methods of data protection and cyber attack prevention function similarly whereby companies and institutions store their data on cloud networks like AWS and Microsoft Azure.
“But now even with backups, cyber criminals can threaten to expose information publicly on the dark web or online,” Crawley said, hence the threat of releasing confidential information in exchange for financial payouts has become increasingly high stakes.
An effective block against cyber attacks, according to Crawley, is to eliminate the risk of phishing, a strategy used by online crooks masquerading as trusted entities to trick people into opening emails or text messages containing malware.
There are AI run anti-phishing softwares designed to block phishing emails from ever reaching people’s inboxes, which many companies and public institutions use, “but AI makes mistakes’ ‘ Crawley said, hence a degree of vigilance is required among individuals too.
One practice to be aware of is a technique called “file binding,” said Crawley. It is a software that fuses multiple files together by burying harmful programs beneath otherwise harmless ones, like an email, meaning a virus could be present in a graphic or logo instead of a link attached to a message, in this case simply opening a phishing email would activate the malware.
Currently, ransomware attacks tend to be directed towards institutions and high-value corporations harbouring highly sensitive information. However, any system that uses a computer can be hacked, including elevators, cars, and security systems in residential condo buildings.
