Cyber Incident Victim: St. Louis Public Library
Date: Jan 2017
Location: United States of America
Summary
A ransomware attack disrupted the St. Louis Public Library's operations, infecting servers and rendering approximately 700 public computers across 16 locations inoperable, which prevented book checkouts. The attackers demanded $35,000 in Bitcoin, but critical data such as the book catalog and patron information remained uncompromised as they were stored separately. Utilizing existing backups allowed the library to restore systems without paying the ransom, though full recovery was anticipated to take several weeks. The incident was reported to law enforcement authorities for investigation.
Description
The ransomware attack on the St. Louis Public Library occurred between late Wednesday, January 18, 2017, and early Thursday, January 19, 2017, compromising the library's server infrastructure. The unnamed ransomware variant disrupted operations across 16 library branches, rendering approximately 700 public computers inoperable and preventing book checkout services. Attackers demanded a ransom of $35,000 in Bitcoin to provide decryption keys for the scrambled files. The infection specifically targeted administrative systems rather than the library's core catalog database, which remained unaffected. No patron or staff personal information was stored on the compromised servers, eliminating financial or identity data exposure risks. Library spokesperson Jen Hatton confirmed no public data breaches occurred as a result of the incident.

Library administrators immediately engaged recovery protocols using existing backup systems, avoiding immediate payment to the attackers. The restoration process required rebuilding infected servers and workstations across all affected locations, with officials estimating weeks before full operational normalization. The FBI was notified to initiate a criminal investigation, though no attribution details were publicly disclosed. While backups provided data recovery options, the physical scope of reinstalling systems across hundreds of endpoints contributed to extended downtime. Service disruptions persisted through the initial recovery phase, particularly impacting public computer access and material circulation functions. The library maintained public communications regarding progress throughout the restoration period.
