Cyber Incident Victim: Westchester Library System
Date:
Mar 2022
Location:
United States of America
Summary
The Westchester Library System experienced a sophisticated ransomware attack targeting its network, prompting the temporary shutdown of public computers across multiple branches. While officials confirmed no compromise of patron data due to existing security measures, the attack necessitated a full restoration of affected terminals, requiring hard drives to be wiped on approximately 500 public machines spanning 38 libraries—a process expected to take up to two weeks. During the restoration, several libraries maintained public Wi-Fi access and offered alternative solutions such as loaner laptops for in-library use or checkout. This incident mirrored a prior ransomware attack on the same system, which similarly resulted in precautionary computer shutdowns without evidence of data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 28, 2022, the Westchester Library System (WLS) detected a ransomware attack targeting its network infrastructure. Library officials characterized the incident as a "sophisticated" attack that primarily exploited vulnerabilities in public internet terminals across the county's library branches. Security measures implemented by WLS prevented widespread network compromise, with officials confirming no evidence of patron data exfiltration or compromise. The attack necessitated the immediate takedown of all public computer terminals as a containment measure. While WLS technicians removed visible ransomware elements from affected machines, the complexity of the attack prompted a decision to perform full system restores on all public terminals rather than partial remediation.
The incident disrupted public computing services across WLS's 38 member libraries, affecting approximately 500 terminals. Individual libraries including Larchmont, Harrison, Mamaroneck, and Lewisboro notified patrons about the indefinite unavailability of public computers starting March 31, though public Wi-Fi services remained operational. Restoration efforts required complete hard drive wipes and system rebuilds, with WLS estimating a 1.5 to 2-week remediation timeline. Libraries implemented temporary alternatives such as Lewisboro's laptop loaner program for in-library use and home checkout. This marked the second ransomware incident affecting WLS public terminals since July 2019, though neither attack resulted in confirmed data exposure. System-wide public computer restoration proceeded under supervision of IT specialists, with terminals remaining offline until security verification was completed.