View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 20, 2023

Rhysida claims it hacked the British Library

The ransomware gang alleges that it masterminded last month’s cyberattack that crippled most of the British Library's digital services.

By Greg Noone

Ransomware gang Rhysida has claimed responsibility for a cyberattack launched against the British Library last month and launched an auction for the data it alleges it has stolen on its victim blog. The organisation added that the sale will conclude by 27 November with bids opening at 20 Bitcoin, equivalent to £591,000 at the time of writing. This announcement was accompanied by an image showing a selection of the data stolen during its alleged hack, according to The Register, including employment documents and several passport scans. 

The sculpture of Isaac Newton outside the British Library.
Eduardo Paolozzi’s sculpture of Isaac Newton outside the British Library. Last month the institution was victim to a ransomware attack that crippled most of its online services. (Photo by Lucian Milasan/Shutterstock)

The claim follows a devastating cyberattack against the British Library in October that crippled most of its online services. The outage took both the institution’s website, public Wi-Fi and card payment services offline, in addition to its online ordering system (the gift shop, however, remains inviolate). Since the attack, the British Library has resorted to updating the public using its X (formerly Twitter) account. A recent post confirmed that the outage had been caused by a ransomware attack. As such, the post continued, “We’ve taken targeted protective measures to ensure the integrity of our systems and we’re undertaking a forensic investigation with the support of NCSC, the Metropolitan Police and cybersecurity specialists.”

Since the attack, many researchers have seen their projects slowed or halted. One London-based historian told the Telegraph that it was now impossible to order items from the British Library’s satellite book depository in West Yorkshire. “It’s possible to get some books, but everything has to be done by hand,” said Elizabeth Prochaska. “Only certain types of books can be ordered – ones that are here.”

Wrong side of Rhysida

Rhysida was first documented by security researchers in May when it claimed to have hacked the Chilean Army. Operating according to a ‘ransomware-as-a-service’ model, the gang leases the use of its ransomware software to other criminals for a fee. After being deployed via phishing attacks, this malware not only locks its victims’ systems but also exfiltrates sensitive data. Access to both is then ransomed. Rhysida’s previous victims also reportedly include the Portuguese city of Gondomar, an operator of 16 US hospitals and the University of the West of Scotland

Precisely why Rhysida targeted the British Library remains unknown (the institution did not respond to a request for comment from Tech Monitor.) The fact that the gang has begun an auction of the data it allegedly stole from the institution has indicated to some cybersecurity experts that ransom negotiations between the two have broken down. “Rhysida are likely to have not been paid the ransom they have finally demanded and are now pushing out the next phase of the attack by threatening [the] release of data,” ESET’s global cybersecurity advisor Jake Moore told The Register.

A more unusual version of this brinkmanship occurred last week, when the ransomware group BlackCat reported one of its victims to the US Securities and Exchange Commission – though, as a public body funded by the UK government, which is opposed to ransomware payments, a ransom payment from the British Library may always have been unlikely. 

Read more: Will generative AI really supercharge phishing attacks?

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.