An attempt by unknown ransomware extortionists to execute a Calgary Public Library cyber attack on its infrastructure was a failure.

Calgary Public Library CEO Sarah Meilleur made the announcement that the library had fended off the attack on Oct. 29, at the Central Library, two weeks after the library first announced it would be closing down its IT infrastructure.

That move to shut down all of the library’s computer systems on Oct. 10 prevented the library from being subject to a ransom, and prevented the leak of any customer, staff, or business data, Meilleur said.

“It was this action that our security advisors later credited with saving our infrastructure,” she said.

“During the shutdown, the library implemented extensive containment measures and launched a thorough investigation. In addition to our technology team and existing cyber security partners, Calgary Public Library engaged a Microsoft Incident Response Team to support our response efforts.”

Meilleur said that CPL also engaged with the Canadian Centre for Cyber Security and the Calgary Police Service.

Ward 12 Councillor Evan Spencer, who serves on the Calgary Public Library board of directors as the council appointee, said that he was grateful to hear that the library had followed a strong process during the attack.

“Further, I am looking forward to following and supporting recovery efforts as a new board member and discussing the learnings with City of Calgary at Audit [Committee].”

Calgarians’ data safe in Calgary Public Library cyber attack

Meilleur said that as a result of the investigation, which was thoroughly performed, the library had full confidence in the safety of the data of Calgarians, and for the library infrastructure itself.

“That really comes down to the investigation, and working with our partners at the Microsoft Incident Response Team that helped us through the investigation, and that was their conclusion.”

The identity, or even the reason for why CPL was targeted, remains a mystery.

“While we cannot speculate why we were targeted, we do know that libraries across North America are experiencing an increase in this type of activity. We are fortunate to have benefited from other [library] systems, sharing from their experiences, and we will do the same to help others learn and prepare for threats,” said Meilleur.

“We never had to pay a ransomware fee. We were never in at any point in this investigation in contact with the threat actor.”

The vector of attack was also unknown, Meilleur said.

“At this point, we don’t have conclusive evidence, and we probably won’t as to how this breach occurred,” she said.

The library will now undertake a three-phased approach to restore secure staff networks and devices across the library’s 23 library locations and work sites, followed by a re-introduction of some digital technologies at some library locations, followed by a full restoration of IT services across the entire library system.

“As we proceed through our pathway to recovery. That’s why it’s so important that we stage it. We need to ensure that we’re inspecting servers and technology before they come online,” Meilleur said.

In the meantime, library services for books and in-person activities, such as meeting room use, were open to the public.

“People are really thrilled to be able to come into locations to use library space, to connect with the staff that support them, and to be able to check materials out. We’ve heard wonderful things the community really appreciates and believes in and needs the library,” said Meilleur.

Meilleur said that the library’s cyber security insurance would cover the shutdown costs and a full accounting for that would be presented to the Calgary Public Library board of directors.

A full timeline for restoring library services was set to be posted on www.calgarylibrary.ca.