Lockbit ransomware attack cripples parts of German library service

One of the largest library services in Germany, EKZ Bibliotheksservice, has been impacted by a ransomware attack that has left book lovers unable to rent and borrow eBooks, audio books, and electronic magazines.

In an FAQ on its website, Reutlingen-based EKZ says it is currently trying to repair the damage caused by the attack, and identify if any personal data was stolen.

For now, orders cannot be made online, and even orders submitted via email, fax or telephone can not be completed at present.

Onleihe, a popular app that connects users via EKZ’s service to their local libraries to borrow eBooks and audiobooks, reported that its copy-protected eBooks had been deleted in what it euphemistically called a “process error” and that they would need to be re-encrypted and that it is making “incremental progress” to uploading them again.

In addition, Onleihe apologised that its user forum was currently unavailable, and said it would endeavour to make it accessible again “as soon as possible.”

Although neither company names the ransomware involved in the attack, Bleeping Computer reported that the LockBit ransomware group has claimed responsibility.

The LockBit ransomware gang, on its leak site on the dark web, claims to have published data stolen from EKZ, presumably because its ransom demands have not been met.

In an ideal world, no organisation would never pay a ransom to its extortionists – recovering encrypted data from backups, and weathering the storm of any damage done to its brand by a security breach.

However, it’s understandable that some companies may take the view that the costs of successful recovery (both of data and public image) are so great that it’s more pragmatic to pay their attackers.  This may particularly be the case where it’s not just your company’s data which is at risk of being leaked onto the internet by cybercriminals, but also that of innocent clients and business partners.

What no-one disagrees about, however, is that every time a ransom is paid it encourages cybercriminals to launch further attacks.

Law enforcement agencies in Germany have been informed of the attack and security breach.