The Calgary Public Library says it is embarking on a three-stage approach to restoring full services following a ransomware attack earlier this month.
The library says it has completed its investigation with help from cybersecurity experts and a Microsoft incident response team and determined that while servers were compromised, no business, employee or membership data was affected.
Library CEO Sarah Meilleur credits the library’s security systems for successfully detecting the breach and blocking the attack.
“Our monitoring sytems alerted the library to suspicious activity on its servers on Oct. 10,” Meilleur says. “The library began an initial investigation and initiated our incident response protocol and as part of our containment procedures we made the decision to proactively shut down all servers and systems on Friday Oct. 11.”
The library says that while the containment measures caused a “significant service disruption” that forced the closure of all library locations for several days, the investigation shows that quick action was necessary.
“We know the closure of locations was challenging for staff and members,” Meilleur says. “But it was this action that our security advisors later credited with saving our infrastructure.”
Meilleur says the first stage of operational recovery efforts involves securing staff networks, devices, communication and connectivity across all 23 library work sites before reintroducing some digital and technology services and then restoring full service.
Meilleur was unable to provide a timeline for the full restoration of services and she says the library does not know why it was targeted.