Ransomware locked over 700 of its computers, but St. Louis library system refused to pay

By Bruce Brown Published January 25, 2017

“Just say ‘no’ worked for the St. Louis, Missouri public library system. On January 19, 2016, a ransomware attack took down circulation and public access computers at all 17 library branches. The hackers demanded a $35,000 ransom to free up the 700-plus computers. Rather than roll over and pay, however, the library fought back, and by Monday, January 23, most services were back up and running, according to Threat Post.

When the ransomware attack struck, the first thing the library did was contact the FBI. Library IT staff used system and data backups to restore the affected servers after fully wiping them. On January 20, a core circulation system was restored and book checkouts were back in operation at all branches by January 21. On January 23, the last remaining node, the reserve system, was the only part of the library’s computer system not fully operational and that was expected shortly.

Recommended Videos

According to St. Louis Public Library Executive Director Waller McGuire, the source of the attack was not through email phishing, the most common ransomware infection vector. In a letter to patrons, McGuire said that the malware was installed via a network break-in, although the exact point of entry isn’t known. The ransomware software used in the attack is also unknown at this time.

McGuire assured patrons that their personal and financial data was not in jeopardy because it isn’t stored on library servers. The online circulation system for downloading books, movies, and music wasn’t affected, nor was the library’s Wi-Fi service.

“St. Louis Public Library has been working with the FBI to identify how criminals broke into our system and correct the problem,” McGuire said. “I apologize to patrons for any inconvenience this incident has caused: on most days thousands of St. Louis Public Library patrons check out materials and use computers for many purposes.”

Many stories about ransomware attacks on banks, hospitals, and schools end in the payment of ransom demands in order to get the data back and restore critical services as soon as possible. Just recently the Los Angeles Community College District paid a $28,000 ransom, using a cybersecurity insurance policy that covered the attack.

It’s worth noting that the St. Louis libraries were able to get back online quickly not just because the system has an IT staff, but also because they systematically back up their full systems, not just their data, and this allowed them to wipe clean and restore the servers promptly.

Topics

Contributing Editor

Bruce Brown Contributing Editor As a Contributing Editor to the Auto teams at Digital Trends and TheManual.com, Bruce…

Computing

Outlook typing lag will finally get a fix from Microsoft

A Dell laptop connected to a hard drive on a couch.

If you use classic Outlook to handle your emails, then you're most likely familiar with the annoying bug that causes huge CPU spikes while typing. It can be difficult to finish emails when your system resources jump by as much as 50 percent (and increase power usage with it), but Microsoft has finally announced that a fix is on the way. The downside? It won't arrive until late May for most users, although some might see it in early or mid May if they're part of the beta program. Until then, there is a workaround.

Rolling classic Outlook back to version 2405 seems to fix the issue, but it comes with a not-insignificant tradeoff. Updates since version 2405 have patched several security flaws, so if you opt to go this route, be aware that it opens your system to vulnerabilities.

Computing

YouTube’s AI Overviews want to make search results smarter

YouTube App

YouTube is experimenting with a new AI feature that could change how people find videos. Here's the kicker: not everyone is going to love it.

The platform has started rolling out AI-generated video summaries directly in search results, but only for a limited group of YouTube Premium subscribers in the U.S. For now, the AI Overviews are focused on things like product recommendations and travel ideas. They're meant to give quick highlights from multiple videos without making users look at each item they're interested in.

Computing

OpenAI’s GPT-4 might be coming to an end. Here’s why that’s actually good news

OpenAI's new typeface OpenAI Sans

OpenAI has seen many changes in recent weeks, and more are quickly coming. The AI company has yet to confirm the launch of its upcoming GPT-5 AI model. However, it is making room for its planned model by ending support for other models in its lineup. OpenAI recently announced that it is retiring its GPT-4 AI model as of April 30. GPT-4 stood as one of the brand’s most popular and longest-running large language models. However, the company has already shifted its focus away from its original large language model technology and more toward its series of reasoning models and other technologies in recent months.

The brand has also made some interesting moves by introducing a new GPT 4.1 model family, strictly as an API for developers, while simultaneously indicating plans to sunset the recently launched GPT-4.5 model and also releasing the o3 and o4 reasoning models. While not yet confirmed, these moves appear to propel the GPT-5 timeline closer to launch.