The Calgary Public Library first flagged suspicious activity on its servers on Oct. 10. Less than 24 hours later, it confirmed the library was the target of a full-fledged cyberattack.
Security teams chose to pro-actively shut down the servers rather than leave systems vulnerable, a decision that chief executive officer Sarah Meilleur credits with saving the library’s infrastructure, stopping the attack and ensuring that no business, employee or member data was compromised.
From 2023: Toronto Public Library service reductions projected to last months after ransomware attack
All branches were closed that first weekend. The normally bustling Central branch downtown, much lauded for its architectural beauty, was locked up tight, security guards sitting on chairs in the foyer behind glass doors.
For the next six weeks, library operations remained in a holding pattern. Patrons were asked to avoid returning books. WiFi was disconnected at branches. E-books and audiobooks couldn’t be checked out and holds couldn’t be placed. The online catalogue was a best-guess scenario.
Yet there was a charming analog side to the digital nightmare.
Branches reopened on Oct. 16, albeit with limited services. People could check out books – with librarians writing out card and items numbers by hand – and gather in the local spaces for reading groups and the like.
“It took us back to those days before technology was so much a part of our services,” Ms. Meilleur said in a recent interview.
“It was pretty amazing seeing how the community responded, even when access to the full library was minimal. Our locations were busy. People were coming in, they were checking out materials, they were studying, they were gathering and connecting with folks.”
The library’s IT team provided branches with secure laptops after a few days, so librarians switched to scanning book barcodes into a document. The information was uploaded later, once servers were back online.
Hacker breaches B.C. libraries and demands ransom after taking e-mails, phone numbers
A Microsoft Incident Response team was brought in early on to support containment procedures and investigate what happened. On. Oct. 29, the team’s report confirmed a suspected ransomware attack.
The Calgary Public Library has invested a lot in cybersecurity over the past two years, Ms. Meilleur said – a direct result of watching escalating attacks on public and private libraries.
In October 2023, the Toronto Public Library was hobbled for months after a ransomware attack on its network. In that case, the attackers, from the Black Basta group, demanded a ransom. The library reported that it did not pay, but it’s believed the identities, home addresses and social insurance numbers of current and former staff were compromised.
Calgary’s choice to immediately shut down its servers was disruptive, but it helped one of North America’s largest municipal library systems avoid such a fate.
“Because we were able to stop the attack from being fully implemented, we were never in contact with a threat actor at any point to really understand what they were looking for or what their intentions were,” Ms. Meilleur said.
“There’s no conclusive evidence to determine who the attacker was, so we’ll probably never know.”
Post-attack, the Calgary Public Library slowly implemented a three-stage Pathway to Recovery.
The first step restored staff networks and devices, a lengthy process that included inspecting and reviewing every piece of technology at the library before making it available to staff or patrons.
Stage two rolled out on Nov. 21. Members could access their accounts and libraries could finally begin processing returns and holds.
The last stage, which is under way, is the restoration of full technology services at the library. On Dec. 11, public WiFi became available at all library locations, as did printing services, and members could finally access most digital resources and book meeting rooms online.
The library is building back stronger using lessons it learned from the attack and recommendations from experts, but the strategy it already had in place stopped the situation from being much worse.
“No doubt we were preparing for what we might do if something like this happened, focusing on what recovery might look like,” Ms. Meilleur said. “That planning and preparation work stood us in good stead. You can’t prepare for every eventuality, but even thinking about the steps you might take help set you up for the future and for a solid comeback story.”
The attack also highlighted the importance of strong cybersecurity training and password management for staff, Ms. Meilleur said – something she’s taking into her own personal life as well.
“Many organizations have mandatory cybersecurity training, but it really comes home in a new way when you live through a cybersecurity attack,” she said.
By the way, she said, as the interview wrapped up, “Can I give you a book recommendation?”
Absolutely. She named a book by Japanese author Michiko Aoyama. The title? What You Are Looking For Is in the Library.